Skip to main content

Comfyui Copilot

1 CVEs product

Monthly

CVE-2026-13493 LOW POC PATCH Monitor

Workflow checkpoint endpoints in ComfyUI-Copilot up to 2.0.28 expose an insecure direct object reference (IDOR) flaw - the restore_workflow_checkpoint and update_workflow_ui handlers in conversation_api.py accept externally supplied version identifiers without verifying that the referenced checkpoint belongs to the requesting session, enabling an authenticated remote attacker to read workflow data owned by other sessions. The CVSS 4.0 score of 2.3 reflects limited confidentiality-only impact and high attack complexity (AC:H) due to the need to enumerate valid cross-session identifiers. A proof-of-concept is publicly available at GitHub issue #149; the upstream fix (PR #150) is pending acceptance and no patched release version has been confirmed.

Information Disclosure Checkpoint Comfyui Copilot
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.2%
EPSS 0% CVSS 1.3
LOW POC PATCH Monitor

Workflow checkpoint endpoints in ComfyUI-Copilot up to 2.0.28 expose an insecure direct object reference (IDOR) flaw - the restore_workflow_checkpoint and update_workflow_ui handlers in conversation_api.py accept externally supplied version identifiers without verifying that the referenced checkpoint belongs to the requesting session, enabling an authenticated remote attacker to read workflow data owned by other sessions. The CVSS 4.0 score of 2.3 reflects limited confidentiality-only impact and high attack complexity (AC:H) due to the need to enumerate valid cross-session identifiers. A proof-of-concept is publicly available at GitHub issue #149; the upstream fix (PR #150) is pending acceptance and no patched release version has been confirmed.

Information Disclosure Checkpoint Comfyui Copilot
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy