CVE-2025-67303

High CVSS: 7.5

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface

Vendor

Comfy

Product

Comfyui-manager

CWE

CWE-420

Yayın Tarihi

2026-01-05 16:15:42

Güncelleme

2026-01-30 01:31:37

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-420 Comfyui-manager HIGH Comfy 2026

Referanslar

https://github.com/Comfy-Org/ComfyUI-Manager/blob/main/docs/en/v3.38-userdata-security-migration.md https://github.com/Comfy-Org/ComfyUI-Manager/pull/2338/commits/e44c5cef58fb4973670b86433b9d24d077b44a26

Benzer Kayıtlar

High

CVE-2026-22777

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an att…

High

CVE-2024-12882

comfyanonymous/comfyui version v0.2.4 suffers from a non-blind Server-Side Request Forgery (SSRF) vulnerability. This vu…

Medium

CVE-2024-10481

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host…