| Field | Value |
|---|---|
| Title | comfyanonymous ComfyUI <= 0.13.0 (commit 6648ab68) Path Traversal (CWE-22) |

# Description

## Technical Details
A Path Traversal vulnerability exists in the `get_annotated_filepath` function in `folder_paths.py` of ComfyUI.
The `POST /prompt` API accepts `../` sequences in the LoadImage node's `image` input field. These are passed to `os.path.join(base_dir, name)` without any path containment check in `folder_paths.get_annotated_filepath()`. The combo list validation (which should restrict filenames to the input directory) is bypassed because LoadImage defines `VALIDATE_INPUTS` with `image` as a parameter, which causes `execution.py` to skip the combo check.
## Vulnerable Code
- File: `folder_paths.py` (lines 259-268)
- Method: `get_annotated_filepath`
- Why: `os.path.join("/comfyui/input", "../../../etc/shadow_image")` resolves to `/etc/shadow_image`. The protected `get_full_path()` uses `os.path.relpath()` for containment, but `get_annotated_filepath()` has no such check. The `VALIDATE_INPUTS` in `nodes.py` only checks file existence, not path confinement.
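To make the difference concrete, the following is an added example and not ComfyUI's own code: `resolve_unchecked` mirrors the bare `os.path.join()` the advisory describes, while `resolve_contained` is one hardened form that rejects any name whose resolved path leaves the base directory. The `name [output]` annotation parsing and the `/comfyui/...` directories are assumptions made for the example.

```python
# Added example (not ComfyUI's code): unchecked join vs. contained resolution.
import os
from typing import Optional, Tuple

# Constructed base directories; in ComfyUI these come from folder_paths.
BASE_DIRS = {
    "input": "/comfyui/input",
    "output": "/comfyui/output",
    "temp": "/comfyui/temp",
}


def annotated_filepath(name: str) -> Tuple[str, str]:
    """Split 'file.png [output]' into ('file.png', 'output').

    Assumed annotation convention; names without a trailing '[...]'
    annotation default to the input directory.
    """
    if name.endswith("]"):
        head, sep, tail = name.rpartition(" [")
        if sep and tail[:-1] in BASE_DIRS:
            return head, tail[:-1]
    return name, "input"


def resolve_unchecked(name: str) -> str:
    """The vulnerable pattern: join the user-supplied name and trust it."""
    stem, kind = annotated_filepath(name)
    return os.path.normpath(os.path.join(BASE_DIRS[kind], stem))


def resolve_contained(name: str) -> Optional[str]:
    """Hardened: return the path only if it stays under the base directory.

    realpath() collapses '..' (and symlinks) before the check, and
    commonpath() also rejects sibling-prefix names like '/comfyui/input_x'.
    """
    stem, kind = annotated_filepath(name)
    base = os.path.realpath(BASE_DIRS[kind])
    candidate = os.path.realpath(os.path.join(base, stem))
    if os.path.commonpath([base, candidate]) != base:
        return None  # escaped the directory: reject instead of serving it
    return candidate


if __name__ == "__main__":
    for probe in ("cat.png", "cat.png [output]", "../../../tmp/secret.png"):
        print(f"{probe!r}: unchecked={resolve_unchecked(probe)!r} "
              f"contained={resolve_contained(probe)!r}")
```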
## Reproduction
1. Submit a crafted workflow via `POST /prompt` with path traversal in the LoadImage `image` field:
   ```json
   {"image": "../../../tmp/secret.png", "upload": "image"}
   ```
2. File existence oracle: HTTP 200 (file exists) vs HTTP 400 (file not found).
3. Chain with PreviewImage → `/view` to exfiltrate the image content.
## Impact
- File existence oracle: Probe existence of SSH keys, config files, database paths via HTTP status codes.
- Image file exfiltration: Read any image from anywhere on the server filesystem by chaining LoadImage → PreviewImage → /view.
- Affects multiple nodes: LoadImage, LoadImageMask, LoadImageOutput, LoadLatent, LoadAudio, LoadVideo, Load3D, Load3DAnimation.
- No authentication required.

| Field | Value |
|---|---|
| Source | https://gist.github.com/YLChen-007/1e6db39703626dc5c1a2505426754333 |
| User | Eric-c (UID 96848) |
| Submitted | 27.03.2026 13:31 (25 days ago) |
| Moderated | 19.04.2026 11:44 (23 days later) |
| Status | Accepted |
| VulDB Entry | 358226 [ComfyUI up to 0.13.0 LoadImage Node folder_paths.py folder_paths.get_annotated_filepath Name Directory Traversal] |
| Points | 20 |