Improper Resource Identifier Control in ComfyUI-Copilot

Executive Summary

CVE-2026-13493 is a security flaw in AIDC-AI ComfyUI-Copilot up to version 2.0.28, specifically in the workflow checkpoint restore functionality. The vulnerability arises because the system uses only a raw integer version_id to restore saved workflow checkpoints without verifying if the requester owns or is authorized to access that checkpoint.

This lack of ownership validation allows an attacker to supply another user's version_id and retrieve their saved workflow data, including sensitive information such as private prompts and UI configurations. The checkpoint restore process does not bind the checkpoint to the caller's session, user, tenant, or permission context, enabling cross-tenant data exposure.

The vulnerability can be exploited remotely but requires a high level of complexity and is considered difficult to exploit. A proof-of-concept shows that an attacker can restore another user's checkpoint simply by knowing their version_id.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability CVE-2026-13493 allows unauthorized cross-tenant access to private workflow checkpoints, which may include sensitive information such as private prompts and UI configurations. This unauthorized data exposure can lead to violations of data protection principles required by standards like GDPR and HIPAA, which mandate strict controls over personal and sensitive data access and processing.

Because the vulnerability enables attackers to retrieve another user's saved workflow data without proper authorization or ownership validation, it undermines confidentiality and access control requirements. This could result in non-compliance with regulations that require ensuring data privacy, user consent, and secure handling of personal or sensitive information.

Remediation involves binding checkpoint records to authenticated principals and enforcing authorization checks, which aligns with compliance requirements for data access controls and auditability.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to unauthorized access to private workflow checkpoints belonging to other users. An attacker can retrieve sensitive workflow data such as private prompts, UI configurations, and other saved artifacts by exploiting the lack of ownership validation.

The impact includes cross-tenant data exposure, where one user can access another user's data without permission. This can result in privacy breaches, data leakage, and potential misuse of sensitive information.

Additionally, the vulnerability is persistent because exposed workflow checkpoints remain accessible until the database is cleared or migrated, increasing the risk of ongoing unauthorized data access.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves unauthorized access to workflow checkpoints by exploiting unscoped restore requests that do not validate session or ownership. Detection involves monitoring for unusual or unauthorized restore requests to the checkpoint restore endpoint, especially those that include version_id parameters that do not belong to the requesting user or session.

Since the vulnerability is related to the backend API endpoint handling checkpoint restore requests, network or system detection can focus on inspecting API calls to the conversation_api.py component or the checkpoint restore endpoint for suspicious activity.

Suggested commands or approaches include:

• Use network traffic analysis tools (e.g., tcpdump, Wireshark) to capture and filter HTTP requests to the checkpoint restore API endpoint, looking for requests with version_id parameters.
• On the server, enable detailed logging of checkpoint restore API calls, including user/session identifiers and requested version_id values, to identify mismatches or unauthorized access attempts.
• Use grep or similar tools to search server logs for restore requests that include version_id values accessed by multiple different sessions or users.
• Example command to search logs for restore requests: grep 'restore' /path/to/server/logs | grep 'version_id='
• Monitor for API requests missing the X-Session-ID header or with inconsistent session IDs, as the fix involves enforcing this header.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable checkpoint restore functionality and monitoring for unauthorized access attempts.

Since the official fix is pending acceptance, you can:

• Apply the patch from the pull request that enforces session ID scoping on checkpoint restore and update operations, ensuring that restore requests include the X-Session-ID header and that the backend validates ownership.
• If applying the patch is not immediately possible, restrict network access to the checkpoint restore API endpoint to trusted users or internal networks only.
• Implement additional access controls or authentication checks around the checkpoint restore functionality to prevent unauthorized requests.
• Invalidate or migrate existing workflow checkpoint data to remove unscoped records that could be accessed by unauthorized users.
• Monitor logs and network traffic for suspicious restore requests and respond promptly to any detected unauthorized access.

Useful 0 Not Useful 0