
CVE-2024-21575: ComfyUI-Impact-Pack Path Traversal Flaw

CVE-2024-21575 is a path traversal vulnerability in ComfyUI-Impact-Pack that allows attackers to write arbitrary files, potentially leading to remote code execution. This post covers the technical details, affected versions, and mitigation.


CVE-2024-21575 Overview

CVE-2024-21575 is a path traversal vulnerability in ComfyUI-Impact-Pack, an extension for the ComfyUI generative AI workflow platform. The flaw resides in the /upload/temp HTTP endpoint registered by the extension, which fails to validate the image.filename field in incoming POST requests. An unauthenticated remote attacker can supply a crafted filename containing traversal sequences to write arbitrary files anywhere the server process can reach. Under specific deployment conditions, this primitive escalates from arbitrary file write to remote code execution (RCE). The issue is classified under CWE-35: Path Traversal: '.../...//'.

Critical Impact

Unauthenticated attackers can write arbitrary files to the host filesystem through the /upload/temp endpoint, enabling code execution against exposed ComfyUI instances.

Affected Products

  • ComfyUI-Impact-Pack extension versions prior to V7.6.2
  • ComfyUI installations with the Impact-Pack extension installed
  • Any host running a vulnerable ComfyUI server reachable over the network

Discovery Timeline

  • 2024-12-12 - CVE-2024-21575 published to NVD
  • 2026-04-15 - Last updated in NVD database

Technical Details for CVE-2024-21575

Vulnerability Analysis

The ComfyUI-Impact-Pack extension registers an aiohttp route handler at /upload/temp via PromptServer.instance.routes.post. The handler reads the multipart image field, takes the client-supplied image.filename value verbatim, and joins it with the server's temporary upload directory using os.path.join. Because Python's os.path.join discards prior path components when an absolute path is supplied, and traversal sequences such as ../ are not stripped, an attacker controls the final write location. The handler then opens the resulting path with open(filepath, "wb") and writes the uploaded payload. Successful exploitation typically requires no authentication and a single HTTP request. With CWE-35 mechanics, attackers can overwrite Python source files, scheduled task scripts, or configuration files consumed by the ComfyUI process to achieve RCE. The EPSS score of 1.323% reflects measurable exploitation interest against exposed AI tooling.

Root Cause

The root cause is missing input validation on a user-controlled filename used in a filesystem write. The handler trusts image.filename and performs no normalization, allow-listing, or containment check against upload_dir. Calls such as os.path.join(upload_dir, filename) do not constrain output to the intended directory when filename contains .. segments or absolute paths.
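The two paragraphs above describe the sink: a client-supplied filename joined onto the temp directory with os.path.join, which neither strips ".." segments nor survives an absolute path. The following is an added example, not code from ComfyUI-Impact-Pack or the patch: it reproduces that join on constructed filenames, shows which ones land outside the directory, and places a hardened resolution beside it (basename reduction plus a realpath containment check). UPLOAD_DIR, SAMPLE_FILENAMES and the function names are assumptions of this example.

```python
import os
import tempfile

# Constructed stand-in for folder_paths.get_temp_directory(); any directory works.
UPLOAD_DIR = os.path.join(tempfile.gettempdir(), "comfy_upload_demo")

# Constructed client-supplied filenames of the kinds the advisory describes:
# one benign name, one ../ chain, one absolute path.
SAMPLE_FILENAMES = [
    "image.png",
    "../../../../etc/cron.d/payload",
    "/etc/passwd",
]


def resolve_like_handler(upload_dir: str, filename: str) -> str:
    """The join the removed handler performed: the multipart filename is used
    verbatim, so os.path.join neither strips '..' nor stops an absolute path
    from replacing upload_dir entirely."""
    return os.path.join(upload_dir, filename)


def escapes_upload_dir(upload_dir: str, filename: str) -> bool:
    """True when the handler-style join resolves outside upload_dir."""
    root = os.path.realpath(upload_dir)
    target = os.path.realpath(resolve_like_handler(upload_dir, filename))
    return os.path.commonpath([root, target]) != root


def resolve_contained(upload_dir: str, filename: str) -> str:
    """Hardened resolution (added example, not the project's code): keep only
    the final path component, reject empty or dot names, then resolve symlinks
    and prove the result still sits under upload_dir."""
    name = filename.replace("\\", "/").split("/")[-1]
    if name in ("", ".", ".."):
        raise ValueError(f"invalid filename {filename!r}")
    root = os.path.realpath(upload_dir)
    candidate = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"{filename!r} resolves outside the upload directory")
    return candidate


def compare(upload_dir: str = UPLOAD_DIR, filenames=SAMPLE_FILENAMES) -> dict:
    """Run every sample through both resolutions and summarise the outcomes."""
    results = {}
    for name in filenames:
        try:
            hardened = "stored as " + os.path.basename(resolve_contained(upload_dir, name))
        except ValueError as exc:
            hardened = f"rejected: {exc}"
        results[name] = {
            "escapes_with_join": escapes_upload_dir(upload_dir, name),
            "hardened": hardened,
        }
    return results


if __name__ == "__main__":
    for name, outcome in compare().items():
        print(f"{name!r}: join escapes={outcome['escapes_with_join']}, "
              f"hardened -> {outcome['hardened']}")
```

In an aiohttp handler the hardened function would replace the bare os.path.join, with a ValueError mapped to a 400 response. The realpath step matters even after basename reduction: it catches a symlinked upload directory or entry, which a string-prefix check on the unresolved path would miss.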

Attack Vector

Exploitation requires network access to the ComfyUI server and the ability to send a multipart POST request to /upload/temp. The attacker submits a file with a filename such as ../../../../etc/cron.d/payload or a path overwriting a Python module loaded by ComfyUI. No credentials, user interaction, or prior foothold are required.

```python
# Vulnerable handler removed in the security patch (modules/impact/impact_server.py)
from server import PromptServer


-@PromptServer.instance.routes.post("/upload/temp")
-async def upload_image(request):
-    upload_dir = folder_paths.get_temp_directory()
-
-    if not os.path.exists(upload_dir):
-        os.makedirs(upload_dir)
-    
-    post = await request.post()
-    image = post.get("image")
-
-    if image and image.file:
-        filename = image.filename
-        if not filename:
-            return web.Response(status=400)
-
-        split = os.path.splitext(filename)
-        i = 1
-        while os.path.exists(os.path.join(upload_dir, filename)):
-            filename = f"{split[0]} ({i}){split[1]}"
-            i += 1
-
-        filepath = os.path.join(upload_dir, filename)
-
-        with open(filepath, "wb") as f:
-            f.write(image.file.read())
-        
-        return web.json_response({"name": filename})
```
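
Review bot: Deleting the route is the right call, but the sink worth recording for anyone who later reintroduces an upload endpoint is `filepath = os.path.join(upload_dir, filename)` fed directly by `filename = image.filename`; the only check before it, `if not filename:`, rejects an empty name and nothing else. Note too that the collision loop `while os.path.exists(os.path.join(upload_dir, filename)):` re-joins the same tainted value, so it offered no containment either. A replacement handler should reduce the name to its final component and verify `os.path.realpath(filepath)` stays under `os.path.realpath(upload_dir)` before `open(filepath, "wb")`.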

Source: GitHub Commit a43dae3. The patch removes the unsafe handler entirely rather than retrofitting validation.

Detection Methods for CVE-2024-21575

Indicators of Compromise

  • HTTP POST requests to /upload/temp containing filename values with ../, ..\, URL-encoded traversal sequences (%2e%2e%2f), or absolute paths.
  • Unexpected file creations or modifications outside the ComfyUI temp directory, especially in Python site-packages, startup directories, or cron paths.
  • New or modified .py files in ComfyUI extension directories with recent write timestamps not tied to deployment activity.

Detection Strategies

  • Inspect web server and reverse proxy access logs for requests to /upload/temp and correlate with multipart upload payloads.
  • Apply file integrity monitoring (FIM) on ComfyUI install paths, Python module directories, and any directory writable by the ComfyUI process user.
  • Hunt for process executions spawned by the ComfyUI Python process that deviate from a known baseline of workflow operations.
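The indicators and detection strategies above call for two checks: flagging POST requests to /upload/temp in access logs, and examining the multipart Content-Disposition filename for ../, ..\, URL-encoded traversal or absolute paths. The following is an added example, not tooling from the page or the project: it runs both checks over constructed sample data (a captured multipart body and a few access-log lines in combined format). The sample IPs, timestamps and body are constructed, and the function names are assumptions of this example.

```python
import re
from urllib.parse import unquote

# '..' as its own segment, with either separator, at the start, middle or end.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
DRIVE_PREFIX = re.compile(r"^[A-Za-z]:[\\/]")
CONTENT_DISPOSITION = re.compile(
    r'Content-Disposition:\s*form-data;[^\r\n]*?\bfilename="([^"]*)"', re.IGNORECASE
)
# Combined log format as written by nginx/Apache in front of a ComfyUI host.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed multipart body: a traversal name, a benign name, an encoded name.
SAMPLE_BODY = (
    b"--boundary\r\n"
    b'Content-Disposition: form-data; name="image"; filename="../../../../etc/cron.d/payload"\r\n'
    b"Content-Type: application/octet-stream\r\n\r\nconstructed payload bytes\r\n"
    b"--boundary\r\n"
    b'Content-Disposition: form-data; name="image"; filename="cat.png"\r\n'
    b"Content-Type: image/png\r\n\r\nconstructed png bytes\r\n"
    b"--boundary\r\n"
    b'Content-Disposition: form-data; name="image"; filename="%2e%2e%2fconfig.py"\r\n'
    b"Content-Type: text/plain\r\n\r\nconstructed text\r\n"
    b"--boundary--\r\n"
)

# Constructed access-log lines (TEST-NET addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Dec/2024:10:14:02 +0000] "POST /upload/temp HTTP/1.1" 200 41 "-" "python-requests/2.31"',
    '198.51.100.7 - - [12/Dec/2024:10:15:30 +0000] "GET /queue HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Dec/2024:10:16:01 +0000] "POST /upload/image HTTP/1.1" 200 55 "-" "Mozilla/5.0"',
]


def decode_filename(raw: str) -> str:
    """Undo URL-encoding, repeated a few times to catch double encoding."""
    prev, cur = None, raw
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def filename_indicators(raw: str) -> list:
    """Return the list of IoC categories a multipart filename matches."""
    name = decode_filename(raw)
    hits = []
    if name != raw:
        hits.append("url-encoded")
    if TRAVERSAL.search(name):
        hits.append("dot-dot segment")
    if name.startswith(("/", "\\")) or DRIVE_PREFIX.match(name):
        hits.append("absolute path")
    if "\\" in name:
        hits.append("backslash separator")
    return hits


def scan_multipart(body: bytes) -> list:
    """Extract every filename="..." from a multipart body and classify it."""
    text = body.decode("latin-1")  # keep raw bytes intact; headers are ASCII
    return [
        {"filename": m.group(1), "indicators": filename_indicators(m.group(1))}
        for m in CONTENT_DISPOSITION.finditer(text)
    ]


def scan_access_log(lines) -> list:
    """Return (ip, timestamp, status) for every POST to /upload/temp."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0] == "/upload/temp":
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for finding in scan_multipart(SAMPLE_BODY):
        print(finding)
    for hit in scan_access_log(SAMPLE_LOG):
        print("POST /upload/temp from", *hit)
```

Access logs only show that the route was hit, not the filename, so the two checks complement each other: the log scan finds hosts and sources to pull full-packet or proxy body captures for, and the multipart scan decides whether a given request carried a traversal name. A 200 status on a POST to /upload/temp before the upgrade is the strongest single signal, since the handler returned JSON only after the write succeeded.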

Monitoring Recommendations

  • Alert on writes by the ComfyUI process to paths outside its designated temp and output directories.
  • Capture network telemetry for ComfyUI hosts to identify direct internet exposure of the /upload/temp route.
  • Review extension version inventories regularly to confirm Impact-Pack is at V7.6.2 or later across all ComfyUI deployments.

How to Mitigate CVE-2024-21575

Immediate Actions Required

  • Upgrade ComfyUI-Impact-Pack to version V7.6.2 or later, which removes the vulnerable /upload/temp handler.
  • Restrict network exposure of ComfyUI servers; place them behind authenticated reverse proxies or VPN access only.
  • Audit ComfyUI install directories for unauthorized file modifications since the extension was first deployed.

Patch Information

The maintainer published the fix in commit a43dae3, bumping version_code from [7, 6, 1] to [7, 6, 2] in modules/impact/config.py and deleting the upload_image route handler in modules/impact/impact_server.py. Review the vulnerable source location to confirm the affected code path was present in your prior install.
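The patch note above gives two things an inventory check can key on: the version_code list in modules/impact/config.py, which moved from [7, 6, 1] to [7, 6, 2], and the presence of the "/upload/temp" route string in modules/impact/impact_server.py. The following is an added example, not a script from the page or the project: it parses version_code from a config.py, compares it against the fixed version as a tuple (so 7.10.0 is correctly newer than 7.6.2), and checks whether the route string still appears in the server module. The sample file contents are constructed, the path under custom_nodes is the conventional install location assumed by this example, and the function names are assumptions.

```python
import re
from pathlib import Path

FIXED_VERSION = (7, 6, 2)  # version that removes the /upload/temp handler
ROUTE_STRING = '"/upload/temp"'
VERSION_RE = re.compile(
    r"version_code\s*=\s*\[\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*\]"
)

# Constructed file contents standing in for the two files named in the patch.
SAMPLE_CONFIG_OLD = 'version_code = [7, 6, 1]\ndependency_version = 24\n'
SAMPLE_CONFIG_NEW = 'version_code = [7, 6, 2]\ndependency_version = 24\n'
SAMPLE_SERVER_OLD = '@PromptServer.instance.routes.post("/upload/temp")\nasync def upload_image(request):\n    ...\n'
SAMPLE_SERVER_NEW = '@PromptServer.instance.routes.post("/impact/other")\nasync def other(request):\n    ...\n'


def parse_version_code(config_text: str):
    """Return version_code as an int tuple, or None if it is not present."""
    m = VERSION_RE.search(config_text)
    return tuple(int(x) for x in m.groups()) if m else None


def handler_present(server_text: str) -> bool:
    """True if the removed route registration string still exists in the module."""
    return ROUTE_STRING in server_text


def assess(config_text: str, server_text: str) -> dict:
    """Combine both signals; version is authoritative, route presence confirms it."""
    version = parse_version_code(config_text)
    if version is None:
        return {"version": None, "vulnerable": None,
                "reason": "version_code not found in config.py"}
    below_fix = version < FIXED_VERSION
    route = handler_present(server_text)
    return {
        "version": version,
        "vulnerable": below_fix or route,
        "reason": (
            f"version {'.'.join(map(str, version))} "
            f"{'is below' if below_fix else 'is at or above'} 7.6.2; "
            f"/upload/temp route {'present' if route else 'absent'}"
        ),
    }


def assess_install(comfy_root: str) -> dict:
    """Read the two files from a ComfyUI tree (assumed layout under custom_nodes)."""
    base = Path(comfy_root) / "custom_nodes" / "ComfyUI-Impact-Pack" / "modules" / "impact"
    config_path, server_path = base / "config.py", base / "impact_server.py"
    if not config_path.exists():
        return {"version": None, "vulnerable": None,
                "reason": f"{config_path} not found; Impact-Pack not installed here"}
    server_text = server_path.read_text(encoding="utf-8", errors="replace") if server_path.exists() else ""
    return assess(config_path.read_text(encoding="utf-8", errors="replace"), server_text)


if __name__ == "__main__":
    print("old install:", assess(SAMPLE_CONFIG_OLD, SAMPLE_SERVER_OLD))
    print("patched    :", assess(SAMPLE_CONFIG_NEW, SAMPLE_SERVER_NEW))
```

The route check is the safeguard for forks or vendored copies that bumped version_code without pulling the handler deletion; an install that reports a fixed version but still registers "/upload/temp" should be treated as unpatched.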

Workarounds

  • If upgrading immediately is not possible, block requests to /upload/temp at the reverse proxy or web application firewall layer.
  • Run ComfyUI under a low-privilege service account with a read-only filesystem outside designated working directories.
  • Disable or uninstall ComfyUI-Impact-Pack on internet-exposed instances until the patched version is in place.

```nginx
# Example nginx rule to block the vulnerable endpoint until patching is complete
location = /upload/temp {
    return 403;
}
```

```bash
# Verify installed Impact-Pack version
grep -R "version_code" /path/to/ComfyUI/custom_nodes/ComfyUI-Impact-Pack/modules/impact/config.py
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
