CNNVD-202601-865 Information
CNNVD ID
CNNVD-202601-865
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
ComfyUI-Manager是Comfy Org开源的一款旨在增强 ComfyUI 可用性的扩展程序。 ComfyUI-Manager 3.38之前版本存在安全漏洞,该漏洞源于文件存储位置保护不足,攻击者利用该漏洞可以篡改配置与关键数据。
Description (English)
ComfyUI-Manager is an extension of the ComfyUI Open Source to enhance the availability of ComfyUI. The previous version of ComfyUI-Manager 3.38 had a security loophole, which stemmed from the inadequate protection of the document ’ s storage location, which was used by the attackers to tamper with configuration and key data.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Comfy Org
Published
2026-01-05
Last Modified
2026-02-24
References
https://github.com/Comfy-Org/ComfyUI-Manager/blob/main/docs/en/v3.38-userdata-security-migration.md https://github.com/Comfy-Org/ComfyUI-Manager/pull/2338/commits/e44c5cef58fb4973670b86433b9d24d077b44a26 https://access.redhat.com/security/cve/cve-2025-67303
Patch
https://github.com/Comfy-Org/ComfyUI-Manager/tags
Share on: