CNNVD-202601-1731 Information
CNNVD ID
CNNVD-202601-1731
Related CVE
-
CNNVD Published: 2026-01-10
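Description (translated from Chinese)
ComfyUI-Manager is an extension developed by the individual developer Dr.Lt.Data, intended to improve the usability of ComfyUI. Versions of ComfyUI-Manager prior to 3.39.2 and prior to 4.0.5 have an injection vulnerability. It arises because an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file, which can result in tampering with security settings or modification of application behavior.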
Description (English)
ComfyUI-Manager is an extension by the individual developer Dr.Lt.Data that is designed to enhance the usability of ComfyUI. ComfyUI-Manager versions before 3.39.2 and before 4.0.5 contain an injection vulnerability: an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file, which may lead to security settings being tampered with or application behaviour being modified.
Hazard Level
Medium
Vulnerability Type
Injection
Affected Vendor
Individual developer
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/Comfy-Org/ComfyUI-Manager/commit/f4fa394e0f03b013f1068c96cff168ad10bd0410
https://github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-562r-8445-54r2
Patch
https://github.com/Comfy-Org/ComfyUI-Manager