FKIE_CVE-2026-22777

Vulnerability from fkie_nvd - Published: 2026-01-10 07:16 - Updated: 2026-02-05 21:02
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5.
References
security-advisories@github.comhttps://github.com/Comfy-Org/ComfyUI-Manager/commit/f4fa394e0f03b013f1068c96cff168ad10bd0410Patch
security-advisories@github.comhttps://github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-562r-8445-54r2Vendor Advisory
Impacted products
Vendor Product Version
comfy comfyui-manager *
comfy comfyui-manager *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:comfy:comfyui-manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A013F11E-DEAA-4DA0-97EE-667AEDE64317",
              "versionEndExcluding": "3.39.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:comfy:comfyui-manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "739DC981-BB57-45A4-A8CB-1CF26CA53EB2",
              "versionEndExcluding": "4.0.5",
              "versionStartIncluding": "4.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5."
    },
    {
      "lang": "es",
      "value": "ComfyUI-Manager es una extensi\u00f3n dise\u00f1ada para mejorar la usabilidad de ComfyUI. Antes de las versiones 3.39.2 y 4.0.5, un atacante puede inyectar caracteres especiales en los par\u00e1metros de consulta HTTP para a\u00f1adir valores de configuraci\u00f3n arbitrarios al archivo config.ini. Esto puede llevar a la manipulaci\u00f3n de la configuraci\u00f3n de seguridad o a la modificaci\u00f3n del comportamiento de la aplicaci\u00f3n. Este problema ha sido parcheado en las versiones 3.39.2 y 4.0.5."
    }
  ],
  "id": "CVE-2026-22777",
  "lastModified": "2026-02-05T21:02:05.997",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-10T07:16:03.680",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/Comfy-Org/ComfyUI-Manager/commit/f4fa394e0f03b013f1068c96cff168ad10bd0410"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-562r-8445-54r2"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-93"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.