CVE-2026-6590 Overview
A path traversal vulnerability has been identified in ComfyUI versions up to and including 0.13.0. The flaw is in the get_model_preview function in app/model_manager.py, which backs the Model Preview Endpoint. Attacker-controlled request parameters are used to build a filesystem path, so a crafted request can step outside the intended model directory and read files elsewhere on the host.
Critical Impact
Remote attackers can exploit this path traversal vulnerability to read files on systems running vulnerable versions of ComfyUI. Anything readable by the ComfyUI process is in scope, including configuration files, credentials, or other confidential data stored on the host.
Affected Products
- ComfyUI versions up to and including 0.13.0
- Any deployment that serves the Model Preview Endpoint; it ships in the core application (app/model_manager.py), not as a separate extension
- Network-accessible instances (for example, started with --listen or published through a proxy) are the most exposed; instances bound only to localhost remain reachable by local users
Discovery Timeline
- 2026-04-20 - CVE-2026-6590 published to NVD
- 2026-04-22 - Last updated in NVD database
Technical Details for CVE-2026-6590
Vulnerability Analysis
This path traversal vulnerability (CWE-22) affects the Model Preview Endpoint in ComfyUI, specifically within the get_model_preview function. The vulnerability stems from insufficient input validation when processing file path parameters, allowing attackers to use directory traversal sequences (such as ../) to escape the intended directory context.
The published vector rates exploitation as requiring network access and low-privilege authentication. Note that ComfyUI itself ships without built-in authentication, so on an instance exposed with --listen and no authenticating proxy in front of it, that requirement is met by anyone who can reach the port. Successful exploitation results in unauthorized read access to files on the target system. According to available threat intelligence, a proof-of-concept exploit has been publicly disclosed, increasing the risk of active exploitation.
The vendor was contacted about this disclosure but did not respond, leaving affected users without official guidance or patches at this time.
Root Cause
The root cause lies in improper input validation within get_model_preview in app/model_manager.py: a user-supplied filename is used to build a filesystem path without being canonicalized or checked against the intended directory, so traversal sequences pass straight through to the underlying file operations.
Path traversal bugs of this kind arise whenever an application joins untrusted input onto a trusted base directory and trusts the result. Stripping or blocking the literal characters ../ is not a sufficient fix, since percent-encoded forms, absolute paths, and symlinks bypass it; the robust pattern is to resolve the joined path to its canonical form and then verify that the result is still contained in the intended model directory.
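The following is an added illustration of the vulnerable pattern next to its hardened form. It is example code written for this page, not ComfyUI's get_model_preview; the model root /srv/models/checkpoints, the function names, and the sample filenames are assumptions. The unsafe version shows the two ways os.path.join lets input escape (dot-dot segments and absolute paths); the safe version decodes, canonicalizes with realpath (which also resolves planted symlinks), and checks containment with commonpath rather than a string-prefix test.

```python
import os
import tempfile
import urllib.parse


def vulnerable_preview_path(model_root: str, filename: str) -> str:
    """The CWE-22 pattern: an untrusted filename joined straight onto a trusted base.

    Two escapes are possible here: '../' segments walk out of model_root, and an
    absolute filename makes os.path.join discard model_root entirely.
    """
    return os.path.join(model_root, filename)


def safe_preview_path(model_root: str, filename: str) -> str:
    """Hardened form: decode, canonicalize, then require containment in the root."""
    # Decode repeatedly (bounded) so %2e%2e and double-encoded forms are judged
    # on their real value rather than on the encoded text.
    decoded = filename
    for _ in range(3):
        nxt = urllib.parse.unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    decoded = decoded.replace("\\", "/")  # treat backslash separators like slashes
    if not decoded or "\x00" in decoded or os.path.isabs(decoded):
        raise ValueError("rejected: empty, NUL byte, or absolute path")
    root = os.path.realpath(model_root)
    # realpath() follows symlinks, so a link planted inside the root that points
    # outside it is resolved before the containment check.
    candidate = os.path.realpath(os.path.join(root, decoded))
    # commonpath, not str.startswith: '/srv/models/checkpoints' must not accept
    # '/srv/models/checkpoints2/x'.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("rejected: path escapes model root")
    return candidate


def classify(model_root: str, filename: str) -> str:
    """'allowed' or 'rejected' according to safe_preview_path()."""
    try:
        safe_preview_path(model_root, filename)
        return "allowed"
    except ValueError:
        return "rejected"


def symlink_demo() -> str:
    """Plant a symlink inside a throwaway model root that points at /etc and
    request a file through it; the containment check rejects the request."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "checkpoints")
        os.makedirs(root)
        os.symlink("/etc", os.path.join(root, "escape"))
        return classify(root, "escape/passwd")


if __name__ == "__main__":
    root = "/srv/models/checkpoints"  # assumed layout, not a ComfyUI default
    for name in ["sd15.safetensors", "../../../etc/passwd",
                 "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "/etc/passwd", "../checkpoints2/x"]:
        print(f"{name!r:40} unsafe -> {vulnerable_preview_path(root, name)!r:48} "
              f"safe -> {classify(root, name)}")
    print("symlink inside root:", symlink_demo())
```

In a real web handler the framework has usually already percent-decoded the path once, so the bounded decode loop mainly catches double encoding; the containment check is what actually closes the hole, and it must run on the fully resolved path, not on the raw string.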
Attack Vector
The attack can be launched remotely against network-accessible ComfyUI instances. An authenticated attacker with low privileges can craft malicious requests to the Model Preview Endpoint containing path traversal sequences. These sequences allow the attacker to navigate outside the intended model directory and access arbitrary files readable by the ComfyUI process.
The vulnerability enables confidentiality breaches through unauthorized file reads. Attackers may target sensitive files such as configuration files, environment variables, API keys, or other application data stored on the system.
For detailed technical information about the exploitation technique, see the GitHub Gist PoC published by the security researcher.
Detection Methods for CVE-2026-6590
Indicators of Compromise
- Requests to the Model Preview Endpoint containing ../, its percent-encoded forms (%2e%2e, double-encoded %252e), or backslash variants
- Preview requests whose filename component resolves outside the model directories; ComfyUI may not log this itself, so reconstruct the resolved path from the proxy access log
- Access logs showing requests attempting to retrieve system files like /etc/passwd or configuration files
- Network traffic to ComfyUI instances with suspicious path patterns in HTTP requests
Detection Strategies
- Implement web application firewall (WAF) rules that decode the request URI before matching, so encoded traversal sequences are caught as well as literal ../
- Monitor ComfyUI application logs for error messages related to file access outside expected directories
- Deploy intrusion detection systems (IDS) with signatures for common path traversal attack patterns
- Review access logs for anomalous requests to the model preview endpoint served by app/model_manager.py; match on the route prefix used by your deployed version rather than on the module name
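The indicators and strategies above can be checked mechanically against a proxy access log. The block below is an added example, not tooling from ComfyUI or the advisory: it parses constructed nginx-style log lines (the IPs, timestamps, and the /preview/... route prefix are placeholders), fully percent-decodes each request target, and flags only genuine dot-dot segments and the sensitive targets the page lists. It also computes what a naive "any two dots" rule would match, to show the false positive such a rule produces on a legitimate filename like style..safetensors.

```python
import re
import urllib.parse
from typing import Optional

# Constructed sample lines in nginx "combined"-like format; not real traffic.
# "/preview/..." stands in for whatever route the preview endpoint is served under.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Apr/2026:10:01:02 +0000] "GET /api/queue HTTP/1.1" 200 812
10.0.0.5 - - [20/Apr/2026:10:01:07 +0000] "GET /preview/checkpoints/0/sd15.safetensors HTTP/1.1" 200 4096
203.0.113.9 - - [20/Apr/2026:10:02:11 +0000] "GET /preview/checkpoints/0/..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1421
203.0.113.9 - - [20/Apr/2026:10:02:13 +0000] "GET /preview/checkpoints/0/%252e%252e/%252e%252e/.env HTTP/1.1" 404 0
198.51.100.4 - - [20/Apr/2026:10:03:40 +0000] "GET /preview/loras/0/style..safetensors HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)
# A dot-dot *segment*: '..' bounded by a slash or the string boundary.
TRAVERSAL_SEGMENT = re.compile(r"(^|/)\.\.(/|$)")
# Targets the page calls out: system files, env files, credential stores.
SENSITIVE = re.compile(r"/etc/(passwd|shadow)|\.env$|\.ssh/|\.aws/credentials", re.I)
# The kind of rule the nginx snippet on this page uses: any two dots anywhere.
NAIVE = re.compile(r"\.\.")


def fully_decode(s: str, rounds: int = 3) -> str:
    """Percent-decode until stable (bounded), so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        nxt = urllib.parse.unquote(s)
        if nxt == s:
            break
        s = nxt
    return s


def analyze(line: str) -> Optional[dict]:
    """Parse one access-log line and return its traversal findings (None if unparseable)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m["target"]
    status = int(m["status"])
    decoded = fully_decode(target).replace("\\", "/")
    findings = []
    if TRAVERSAL_SEGMENT.search(decoded):
        findings.append("traversal")
        if decoded != target:
            findings.append("encoded")  # attacker tried to slip past literal matching
    if SENSITIVE.search(decoded):
        findings.append("sensitive-target")
    if findings and status == 200:
        findings.append("served-200")  # the read most likely succeeded
    return {"ip": m["ip"], "ts": m["ts"], "target": target, "decoded": decoded,
            "status": status, "findings": findings,
            "naive_match": bool(NAIVE.search(decoded))}


def scan(log_text: str) -> list:
    """Analyze every parseable line of a log."""
    return [r for r in (analyze(l) for l in log_text.splitlines()) if r]


if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        label = "ALERT" if r["findings"] else ("noise" if r["naive_match"] else "ok")
        print(f"{label:5} {r['ip']:14} {r['status']} {r['target']}  {r['findings']}")
```

A served-200 finding on a traversal request is the one to escalate: the file was likely returned. A 404 still shows probing and is worth correlating with the same source address across the rest of the log.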
Monitoring Recommendations
- Ensure the proxy or application logs capture the full raw request URI, including percent-encoded characters, so traversal attempts can be reconstructed after the fact
- Set up alerts for the ComfyUI process opening files outside the designated model storage directories (host-level file access auditing such as auditd can provide this)
- Monitor for reconnaissance activities targeting ComfyUI endpoints
- Track failed authentication attempts that may precede exploitation
How to Mitigate CVE-2026-6590
Immediate Actions Required
- Restrict network access to ComfyUI instances to trusted networks or users only
- Implement a web application firewall with rules to block path traversal sequences
- Consider denying the Model Preview Endpoint at the reverse proxy if previews are not required for operations
- Review and audit any exposed ComfyUI deployments for signs of exploitation
Patch Information
At the time of disclosure, the vendor has not responded to security communications and no official patch is available. Users should monitor the official ComfyUI repository for security updates and apply patches immediately when released. For the latest vulnerability details, refer to the VulDB Vulnerability Entry.
Workarounds
- Deploy a reverse proxy with strict input validation to filter malicious path traversal sequences before they reach ComfyUI
- Implement network-level access controls to limit who can reach the ComfyUI Model Preview Endpoint
- Run ComfyUI in a containerized environment with minimal file system access to reduce the impact of successful exploitation
- Run ComfyUI as a dedicated unprivileged user and apply file system permissions so the process cannot read sensitive directories
```nginx
# Example: reverse-proxy rule that blocks path traversal before it reaches ComfyUI.
# "/model_manager" is a placeholder kept from the original snippet: set the location
# to the URL prefix actually served by the preview endpoint in your deployment (this
# page names only the source file, app/model_manager.py, not the route).
location /model_manager {
    # $request_uri is the raw, un-decoded request line, so match literal and
    # percent-encoded dot-dot forms. $uri would not work here: nginx normalizes
    # dot segments out of it before location matching.
    if ($request_uri ~* "(\.\.|%2e%2e|%2e\.|\.%2e)") {
        return 403;
    }
    # Restrict access to trusted networks (adjust the range to your environment).
    allow 10.0.0.0/8;
    deny all;
    # 8188 is ComfyUI's default port. ComfyUI must listen on localhost only,
    # otherwise clients can bypass the proxy and this rule entirely.
    proxy_pass http://localhost:8188;
}
```
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

