CVE-2026-22777 - Vulnerability Details

- ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler

Description

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5.

Published: 2026-01-10

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An injection flaw in the configuration handler of the ComfyUI‑Manager extension allows an attacker who can manipulate HTTP query parameters to embed malformed or malicious characters. When the handler processes these parameters it writes the values directly to the config.ini file, enabling arbitrary configuration entries to be added or existing ones overridden. The result is tampering with security settings or altering application behavior, potentially compromising confidentiality, integrity, or availability of the system that relies on those configurations.

Affected Systems

Vendors affected include Comfy‑Org’s ComfyUI‑Manager extension. Versions prior to 3.39.2 for the 3.x line and prior to 4.0.5 for the 4.x line are vulnerable.

Risk and Exploitability

The flaw is evaluated with a CVSS score of 7.5, indicating a high severity. Exploitation probability, measured by EPSS, is reported as less than 1%, suggesting that active attacks are rare but not impossible. The vulnerability is not listed in CISA’s KEV catalog. Attackers would need network access to send crafted HTTP requests to the manager’s configuration endpoint, making the vector network-based. If successful, they could modify system behaviour or subvert security controls without needing privileged local access.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Comfy-Org

ComfyUI-Manager

affected

Version	Status	Constraints
`>= 4.0.0, < 4.0.5`	affected	—
`< 3.39.2`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:comfy:comfyui-manager::::::::
	cpe:2.3:a:comfy:comfyui-manager::::::::

No data.

Vendor	Product	Confidence	Versions
Comfy	Comfyui	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade ComfyUI‑Manager to version 3.39.2 or later, or 4.0.5 or later, as the issue is fixed in these releases.
Restrict access to the configuration endpoint through network controls or authentication mechanisms.
Validate and sanitize all HTTP query parameters before processing them.

Generated by OpenCVE AI on April 18, 2026 at 16:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-562r-8445-54r2	ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/Comfy-Org/ComfyUI-Manager/commit/f4fa394e0f03b013f1068c96cff168ad10bd0410
https://github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-562r-8445-54r2

History

Thu, 05 Feb 2026 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Comfy comfyui-manager
CPEs		cpe:2.3:a:comfy:comfyui-manager::::::::
Vendors & Products		Comfy comfyui-manager

Mon, 12 Jan 2026 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Comfy Comfy comfyui
Vendors & Products		Comfy Comfy comfyui

Mon, 12 Jan 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 10 Jan 2026 06:45:00 +0000

Type	Values Removed	Values Added
Description		ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5.
Title		ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
Weaknesses		CWE-93
References		https://github.com/Comfy-Org/ComfyUI-Manager/commit/f4fa394e0f03b013f1068c96cff168ad10bd0410 https://github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-562r-8445-54r2
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}`

Subscriptions

Comfy Comfyui Comfyui-manager

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-01-10T06:43:21.579Z

Updated: 2026-01-12T13:22:32.833Z

Reserved: 2026-01-09T18:27:19.388Z

Link: CVE-2026-22777

Vulnrichment

Updated: 2026-01-12T13:22:28.144Z

NVD

Status : Analyzed

Published: 2026-01-10T07:16:03.680

Modified: 2026-02-05T21:02:05.997

Link: CVE-2026-22777

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T16:45:05Z

Weaknesses

CWE-93

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object