| Field | Value |
|---|---|
| Title | comfyanonymous ComfyUI <= 0.13.0 (commit 6648ab68) Path Traversal (CWE-22) |

# Description

## Technical Details

A Path Traversal vulnerability exists in the `get_model_preview` handler in `app/model_manager.py` of ComfyUI.

The endpoint `/experiment/models/preview/{folder}/{path_index}/{filename:.*}` uses the `{filename:.*}` wildcard pattern, which matches any character, including `/` and `..`. The user-supplied filename is passed directly to `os.path.join(folder, filename)` without any path containment check, allowing absolute path injection via a URL-encoded slash (`%2f`).

## Vulnerable Code

- File: app/model_manager.py (lines 52-77)
- Method: get_model_preview
- Why: `full_filename = os.path.join(folder, filename)`. When `filename` starts with `/` (supplied as `%2f`, which aiohttp decodes before the handler runs), `os.path.join()` discards the folder prefix entirely and returns the absolute, attacker-controlled path. The similar `/view` endpoint was previously patched with an `os.path.commonpath()` containment check (commit b1294fa4), but this endpoint was never patched.

## Reproduction

1. Place any image outside the models directory (e.g., /tmp/secret.png).
2. Exploit via URL-encoded slash:
   ```shell
   curl -o exfiltrated.webp "http://TARGET:8188/experiment/models/preview/checkpoints/0/%2ftmp/secret_preview"
   ```
3. The server returns the image re-encoded as WEBP (HTTP 200 with Content-Type: image/webp).

## Impact

- Arbitrary image file read: PNG, JPEG, WebP, GIF, BMP and TIFF files can be read from anywhere on the server filesystem.
- File existence oracle: HTTP 200 vs. 404 reveals whether an image file exists at an arbitrary path.
- No authentication is required.
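To make the `os.path.join()` behaviour and the fix concrete, the following is an added example (not ComfyUI's code) that places the unchecked join beside a containment check built on `os.path.commonpath()`, the approach the write-up notes was applied to `/view`; the directory and file names are constructed stand-ins.

```python
import os
from urllib.parse import unquote

# Constructed stand-in for a ComfyUI model folder; it need not exist on disk.
CHECKPOINTS_DIR = "/srv/comfyui/models/checkpoints"


def naive_join(folder: str, filename: str) -> str:
    """The pattern described above: os.path.join() drops `folder` entirely
    as soon as `filename` is absolute, so '/tmp/secret.png' wins outright."""
    return os.path.join(folder, filename)


def resolve_within(folder: str, filename: str):
    """Containment check in the style of the patched /view endpoint.

    Both paths are resolved (symlinks and '..' included) and the model
    folder must be a path-component prefix of the candidate. Returns the
    resolved path, or None when the candidate escapes the folder."""
    base = os.path.realpath(folder)
    candidate = os.path.realpath(os.path.join(base, filename))
    try:
        # commonpath compares whole components, so '/srv/models-evil' is not
        # mistaken for a child of '/srv/models' the way str.startswith() would be.
        contained = os.path.commonpath([base, candidate]) == base
    except ValueError:
        # Different drives on Windows: there is no common path at all.
        contained = False
    return candidate if contained else None


def preview_path_for_request(folder: str, route_filename: str):
    """Mimic what the aiohttp handler sees: the {filename:.*} segment arrives
    percent-decoded, so '%2ftmp/secret_preview' becomes '/tmp/secret_preview'."""
    return resolve_within(folder, unquote(route_filename))


if __name__ == "__main__":
    print("naive:", naive_join(CHECKPOINTS_DIR, "/tmp/secret.png"))
    print("checked:", preview_path_for_request(CHECKPOINTS_DIR, "%2ftmp/secret_preview"))
    print("legit:", preview_path_for_request(CHECKPOINTS_DIR, "sdxl%2fmodel_preview.png"))
```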
| Field | Value |
|---|---|
| Source | https://gist.github.com/YLChen-007/b46c4cfef1643df14ed73e278129af2c |
| User | Eric-c (UID 96848) |
| Submission | 03/27/2026 13:30 (24 days ago) |
| Moderation | 04/19/2026 11:44 (23 days later) |
| Status | Accepted |
| VulDB entry | 358225 [ComfyUI up to 0.13.0 Model Preview Endpoint app/model_manager.py get_model_preview path traversal] |
| Points | 20 |