| Field | Value |
|---|---|
| Title | ComfyUI ComfyUI-Manager <= v3.35.0 9.8 (CRITICAL) |
| Description | ComfyUI-Manager prior to v3.38.0 contains a critical authentication bypass vulnerability that allows unauthenticated attackers to achieve Remote Code Execution (RCE) on the underlying server.<br>The vulnerability arises from an insecure file path configuration where the Manager stores configuration files in the `user/default/ComfyUI-Manager/` directory. The `default` user directory is accessible via the `/userdata` API endpoint without authentication. An attacker can:<br>1. Upload a malicious snapshot file containing arbitrary Git repository URLs<br>2. Trigger the snapshot restoration process<br>3. Upon ComfyUI restart, the Manager automatically clones the specified Git repository and executes any `install.py` script found within |
| Source | ⚠️ https://github.com/nn0nkey/nn0nkey/blob/main/comfy.md |
| User | nn0nkey (UID 74287) |
| Submitted | 2026-01-09 10:14 (5 months ago) |
| Moderated | 2026-01-11 10:38 (2 days later) |
| Status | Duplicate |
| VulDB Entry | 339553 [ComfyUI-Manager up to 3.37 Web Interface privilege escalation] |
| Points | 0 |