CVE-2026-6589 | ComfyUI up to 0.13.0 server.py create_origin_only_middleware cross-site request forgery

Inserito da Angelo Barbosa | Apr 19, 2026 | CVE

A vulnerability was found in ComfyUI up to 0.13.0. It has been classified as problematic. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery.

This vulnerability is listed as CVE-2026-6589. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6589 | ComfyUI up to 0.13.0 server.py create_origin_only_middleware cross-site request forgery

Post correlati

CVE-2024-12846 | Emlog Pro up to 2.4.1 /admin/link.php siteurl/icon cross site scripting

CVE-2024-50610 | GNU Scientific Library up to 2.8 siman/siman.c gsl_siman_solve_many allocation of resources

CVE-2024-30442 | BoldThemes Bold Page Builder Plugin up to 4.8.0 on WordPress cross site scripting

CVE-2026-1074 | WP App Bar Plugin up to 1.5 on WordPress Setting App_Bar_Settings app-bar-features authorization