ComfyUI · ComfyUI-Manager · CVE-2026-22777
**Name of the Vulnerable Software and Affected Versions**
ComfyUI-Manager versions prior to 3.39.2
ComfyUI-Manager versions prior to 4.0.5
**Description**
ComfyUI-Manager, an extension for ComfyUI, is susceptible to arbitrary configuration injection. An attacker can inject special characters into HTTP query parameters, allowing them to add arbitrary configuration values to the `config.ini` file. This can result in security setting tampering or modification of application behavior.
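The injection class described above, shown beside a hardened writer. This is an added example, not ComfyUI-Manager's code, and it assumes the special characters are line breaks. The setting names (`theme`, `channel`, `strict_mode`, `debug`), the `[default]` section and all function names are hypothetical.

```python
import configparser
import io

# Hypothetical allowlist: the only settings this handler may write.
ALLOWED = {"theme": {"light", "dark"}, "channel": {"stable", "beta"}}

# Constructed input: a query-parameter value carrying a line break and an extra key.
CRAFTED = "dark\ndebug = on"


def parse(text: str) -> dict:
    """Read the [default] section back the way the application would."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    return dict(cfg["default"])


def naive_write(key: str, value: str) -> str:
    """'Before' form: untrusted text is formatted straight into INI syntax."""
    return f"[default]\nstrict_mode = true\n{key} = {value}\n"


def validate_setting(key: str, value: str) -> tuple:
    """Accept only an allowlisted key with one of its permitted values."""
    if key not in ALLOWED:
        raise ValueError(f"unknown setting: {key!r}")
    # Control characters (CR, LF, NUL, ...) never belong in a single INI value.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control character in value")
    if value not in ALLOWED[key]:
        raise ValueError(f"unsupported value for {key!r}")
    return key, value


def safe_write(key: str, value: str) -> str:
    """Hardened form: validate, serialise with configparser, verify the round trip."""
    key, value = validate_setting(key, value)
    cfg = configparser.ConfigParser(interpolation=None)
    cfg["default"] = {"strict_mode": "true", key: value}
    buf = io.StringIO()
    cfg.write(buf)
    # Defence in depth: the file must parse back to exactly what was requested.
    if parse(buf.getvalue()) != {"strict_mode": "true", key: value}:
        raise ValueError("serialised config does not match the request")
    return buf.getvalue()
```

The round-trip check in `safe_write` catches serialisation surprises even if the character filter is later loosened.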
**Recommendations**
Update ComfyUI-Manager to version 3.39.2 or later.
Update ComfyUI-Manager to version 4.0.5 or later.