Description

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface

Related CPE's

Could not find any relations

References

https://github.com/Comfy-Org/ComfyUI-Manager/blob/main/docs/en/v3.38-userdata-security-migration.md

https://github.com/Comfy-Org/ComfyUI-Manager/pull/2338/commits/e44c5cef58fb4973670b86433b9d24d077b44a26

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-420

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2026-01-05T16:15:42.977Z

40 hours ago

Last modified

2026-01-05T20:16:03.063Z

36 hours ago