PT-2026-33660 · Comfyui · Comfyui
Eric-C · Published 2026-04-20 · Updated 2026-04-20
CVE-2026-6591
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ComfyUI versions prior to 0.13.0
Description
A path traversal flaw exists in the LoadImage Node component, in the folder_paths.get_annotated_filepath() function of the folder_paths.py file. The issue is triggered through manipulation of the Name argument and can be exploited remotely.
Recommendations
Update to a version later than 0.13.0.
As a temporary workaround, restrict access to the folder_paths.get_annotated_filepath() function until the update is applied.
Exploit
Fix
Path traversal
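A containment check of the kind that blocks this class of bug, as an added example that is not ComfyUI's code or its fix. The `[input]`/`[output]`/`[temp]` suffix convention, the directory layout, and the names `resolve_annotated` and `demo` are assumptions, and the sample names are constructed.

```python
import os
import tempfile

# Assumed annotation suffixes and the base directory each selects (hypothetical layout).
SUFFIXES = {"[input]": "input", "[output]": "output", "[temp]": "temp"}

# Constructed sample names: the first three stay inside their base directory.
SAMPLES = [
    "cat.png", "sub/cat.png [output]", "sub/../cat.png",
    "../output/cat.png", "../input2/cat.png", "../../etc/passwd [input]",
    "/etc/passwd", "..", "[temp]",
]


def resolve_annotated(name, root, default="input"):
    """Return the real path of `name` inside its base directory, else raise ValueError."""
    sub = default
    for suffix, directory in SUFFIXES.items():
        if name.endswith(suffix):
            name, sub = name[: -len(suffix)].rstrip(), directory
            break
    if not name or "\x00" in name:
        raise ValueError("empty or malformed name")
    base = os.path.realpath(os.path.join(root, sub))
    # realpath collapses ".." and follows symlinks, so the check sees the final target.
    # os.path.join drops `base` when `name` is absolute; the check below catches that too.
    candidate = os.path.realpath(os.path.join(base, name))
    # Compare whole path components: a startswith() test would accept "input2" for "input".
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"{name!r} resolves outside the {sub!r} directory")
    return candidate


def demo():
    """Resolve every constructed sample; return {name: True if accepted}."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for directory in SUFFIXES.values():
            os.makedirs(os.path.join(root, directory, "sub"))
        for sample in SAMPLES:
            try:
                results[sample] = bool(resolve_annotated(sample, root))
            except ValueError:
                results[sample] = False
    return results


if __name__ == "__main__":
    print(demo())
```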
Affected Products
Comfyui