ComfyUI up to version 0.13.0 contains vulnerabilities that allow for cross-site scripting and path traversal attacks.

🚨 EUVD-2026-23739 📊 Score: 5.1/10 (CVSS v3.1) 📦 Product: comfyui, comfyui, comfyui (+10 more) 📅 Updated: 2026-04-20 📝 A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be c... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23739 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23733 📊 Score: 5.3/10 (CVSS v3.1) 📦 Product: comfyui, comfyui, comfyui (+10 more) 📅 Updated: 2026-04-20 📝 A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal. The attack may be launched remo... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23733 #cybersecurity #infosec #euvd #cve #vulnerability

🚨 EUVD-2026-23737 📊 Score: 5.1/10 (CVSS v3.1) 📦 Product: comfyui, comfyui, comfyui (+10 more) 📅 Updated: 2026-04-20 📝 A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can ... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23737 #cybersecurity #infosec #euvd #cve #vulnerability