CVE-2026-6591
Path Traversal in ComfyUI LoadImage Node Enables Remote Exploit
Publication date: 2026-04-20
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| comfyui | comfyui | to 0.13.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in ComfyUI up to version 0.13.0, specifically in the function folder_paths.get_annotated_filepath within the file folder_paths.py of the LoadImage Node component.
The issue arises from manipulation of the argument 'Name' which leads to a path traversal vulnerability. This means an attacker can craft input to access files and directories outside the intended scope.
The vulnerability can be exploited remotely, and an exploit has already been published.
How can this vulnerability impact me? :
This vulnerability allows an attacker to perform path traversal, potentially accessing unauthorized files on the system where ComfyUI is running.
Since the exploit can be executed remotely, it increases the risk of unauthorized data exposure or manipulation.
However, the CVSS scores indicate a relatively low severity, with limited impact on confidentiality and no impact on integrity or availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-6591 allows unauthenticated remote attackers to perform arbitrary file existence checks and exfiltrate image files from the affected ComfyUI server. This can lead to unauthorized access to sensitive data stored on the server.
Such unauthorized data exposure and potential leakage can negatively impact compliance with data protection regulations and standards like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and disclosure.
Specifically, the vulnerability enables attackers to bypass input validation and path restrictions, potentially exposing confidential files, which could result in violations of confidentiality and data protection requirements mandated by these regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to probe arbitrary file existence and exfiltrate image files via the `/prompt` API of ComfyUI. An attacker can send crafted POST requests to the `/prompt` endpoint with payloads specifying path traversal filenames to check if files exist on the server.
A proof of concept (PoC) bash script demonstrates detection by:
- Clearing cache
- Sending a POST request to probe for the existence of `/etc/passwd`
- Sending a POST request to probe a non-existent file to observe different HTTP status codes
- Attempting to exfiltrate an image file from a known location (e.g., `/tmp/secret_image.png`) via chaining `LoadImage` and `PreviewImage` nodes
The server responds with HTTP 200 if the file exists and HTTP 400 if it does not, allowing detection by observing these response codes.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-6591 vulnerability, immediate steps include restricting or disabling access to the vulnerable `/prompt` API endpoint to prevent unauthenticated remote exploitation.
Implement strict input validation and path containment checks on any user-supplied file paths to ensure they cannot escape the intended directory.
If possible, restrict network access to the ComfyUI service to trusted users only, reducing exposure to unauthenticated attackers.
Monitor and audit server logs for suspicious requests attempting path traversal patterns.
Since no patched versions are available at the time of the report, consider applying custom patches or workarounds to the vulnerable functions, such as enforcing directory confinement in `get_annotated_filepath`.