CVE-2026-13493 | AIDC-AI ComfyUI-Copilot up to 2.0.28 Workflow Checkpoint Restore conversation_api.py resource injection (Issue 149)

A vulnerability, which was classified as problematic, was found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers.

This vulnerability appears as CVE-2026-13493. The attack may be performed from remote. In addition, an exploit is available.

The pull request to fix this issue awaits acceptance.

CVE-2026-13493 | AIDC-AI ComfyUI-Copilot up to 2.0.28 Workflow Checkpoint Restore conversation_api.py resource injection (Issue 149)

Post correlati

CVE-2025-13710 | Tencent HunyuanVideo load_vae deserialization (ZDI-25-1030)

CVE-2024-3588 | Getwid Plugin up to 2.0.7 on WordPress Countdown cross site scripting

CVE-2025-12337 | Campcodes Retro Basketball Shoes Online Store 1.0 /admin/admin_feature.php pid sql injection

CVE-2024-13614 | Kaspersky Anti-Virus SDK for Windows integer overflow