CVE-2026-6590 | ComfyUI up to 0.13.0 Model Preview Endpoint app/model_manager.py get_model_preview path traversal

Inserito da Angelo Barbosa | Apr 19, 2026 | CVE

A vulnerability was found in ComfyUI up to 0.13.0. It has been declared as critical. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal.

This vulnerability is cataloged as CVE-2026-6590. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6590 | ComfyUI up to 0.13.0 Model Preview Endpoint app/model_manager.py get_model_preview path traversal

Post correlati

CVE-2025-6343 | code-projects Online Shoe Store 1.0 /admin/admin_product.php pid sql injection

VDB-278460 | Google Bazel config

CVE-2025-47811 | wftpserver Wing FTP Server up to 7.4.4 Administrative Web Interface privilege defined with unsafe actions

CVE-2024-7572 | Ivanti Desktop and Server Management 2022.1 Service Update 1/2022.2 Service Update 3 File permission assignment