Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:comfyui:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Comfyui (d7476e68-babc-5b2d-9ff2-5e2701c03d6c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-6593 |
vulnerable | 2026-06-08 08:07:04.921257 |
ComfyUI View Endpoint server.py cross site scripting
LOW (3.5)
A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-20T01:30:17.995Z
Updated: 2026-04-20T16:18:25.910Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-6592 |
vulnerable | 2026-06-08 08:07:04.920917 |
ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting
LOW (3.5)
A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-20T01:15:14.548Z
Updated: 2026-04-20T11:59:44.227Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-6591 |
vulnerable | 2026-06-08 08:07:04.920571 |
ComfyUI LoadImage Node folder_paths.py folder_paths.get_annotated_filepath path traversal
MEDIUM (4.3)
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-20T01:00:18.496Z
Updated: 2026-04-20T16:29:10.370Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-6590 |
vulnerable | 2026-06-08 08:07:04.920209 |
ComfyUI Model Preview Endpoint model_manager.py get_model_preview path traversal
MEDIUM (4.3)
A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-20T00:45:11.883Z
Updated: 2026-04-20T14:54:57.999Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-6589 |
vulnerable | 2026-06-08 08:07:04.919658 |
ComfyUI server.py create_origin_only_middleware cross-site request forgery
MEDIUM (4.3)
A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-04-20T00:30:21.353Z
Updated: 2026-04-20T15:02:44.809Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.