PT-2026-2261 · Comfyui · Comfyui-Manager
D0N9 +1 · Published 2026-01-10 · Updated 2026-03-19 · CVE-2026-22777
CVSS v3.1: 7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Name of the Vulnerable Software and Affected Versions
ComfyUI-Manager versions prior to 3.39.2
ComfyUI-Manager versions prior to 4.0.5
Description
ComfyUI-Manager, an extension for ComfyUI, is susceptible to arbitrary configuration injection. An attacker can inject special characters into HTTP query parameters, allowing them to add arbitrary configuration values to the config.ini file. This can result in security setting tampering or modification of application behavior.
Recommendations
Update ComfyUI-Manager to version 3.39.2 or later.
Update ComfyUI-Manager to version 4.0.5 or later.
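The injection class named in the description, shown as an added example that is not ComfyUI-Manager's code: a value formatted directly into INI text beside an allowlist-validated writer and an audit check for keys the application never writes. The `[default]` section, the `mode` and `protected_setting` names and the sample value are assumptions constructed for illustration.

```python
import configparser
import re

# Hypothetical setting name and allowlist; not ComfyUI-Manager's real keys.
ALLOWED = {"mode": re.compile(r"[A-Za-z0-9_.-]{1,64}")}


def render_unsafe(key, value):
    """Formats the value straight into the file text, as a naive handler would."""
    return f"[default]\n{key} = {value}\n"


def render_safe(key, value):
    """Writes only allowlisted keys whose value has no control or delimiter characters."""
    pattern = ALLOWED.get(key)
    # fullmatch() rejects CR, LF, '=', '[' and anything else outside the class.
    if pattern is None or not pattern.fullmatch(value):
        raise ValueError(f"rejected config value for {key!r}")
    return f"[default]\n{key} = {value}\n"


def parse(text):
    """Reads the [default] section back the way an INI reader would."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return dict(cp["default"])


def unexpected_keys(text):
    """Audit helper: keys present in the file that the application never writes."""
    return sorted(set(parse(text)) - set(ALLOWED))


# Constructed input: a query parameter value carrying a line break.
CONSTRUCTED_VALUE = "fast\nprotected_setting = off"

if __name__ == "__main__":
    tampered = render_unsafe("mode", CONSTRUCTED_VALUE)
    print(parse(tampered))            # the single parameter became two settings
    print(unexpected_keys(tampered))  # audit flags the extra key
    try:
        render_safe("mode", CONSTRUCTED_VALUE)
    except ValueError as exc:
        print(exc)
```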
Exploit
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Comfyui-Manager