CVE-2026-6591 Overview
A path traversal vulnerability has been identified in ComfyUI versions up to and including 0.13.0. The vulnerability exists in the folder_paths.get_annotated_filepath function within the folder_paths.py file, specifically affecting the LoadImage Node component. By manipulating the Name argument, an attacker can traverse the file system and potentially access files outside of the intended directory structure. This vulnerability can be exploited remotely, and a proof-of-concept exploit has been publicly disclosed.
Critical Impact
Remote attackers can exploit this path traversal vulnerability to read arbitrary files on the server hosting ComfyUI, potentially exposing sensitive configuration files, credentials, or other confidential data.
Affected Products
- ComfyUI versions up to and including 0.13.0
- Systems running the ComfyUI LoadImage Node component
- Deployments exposing ComfyUI to network access
Discovery Timeline
- April 20, 2026 - CVE-2026-6591 published to NVD
- April 22, 2026 - Last updated in NVD database
Technical Details for CVE-2026-6591
Vulnerability Analysis
This vulnerability is classified as CWE-22 (Path Traversal), a weakness that occurs when software uses external input to construct a pathname intended to identify a file or directory within a restricted parent directory, but fails to properly neutralize special elements that can cause the pathname to resolve to a location outside of that directory.
In ComfyUI, the folder_paths.get_annotated_filepath function processes user-supplied input for the Name parameter without adequately sanitizing path traversal sequences. This allows an attacker to craft malicious input containing directory traversal characters (such as ../) to escape the intended directory context and access files elsewhere on the file system.
The vulnerability is remotely exploitable, requiring only low privileges to execute. While the attack does not directly impact system integrity or availability, it enables unauthorized read access to confidential data on the target system.
Root Cause
The root cause of this vulnerability lies in insufficient input validation within the folder_paths.py file. The get_annotated_filepath function fails to sanitize or validate the Name argument before using it in file path operations. Specifically, the function does not:
- Filter or reject path traversal sequences such as ../ or ..\
- Validate that the resolved path remains within the expected directory boundary
- Implement proper canonicalization of the file path before access
This oversight allows malicious actors to manipulate the file path and access files outside the designated image upload directory.
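A name-to-path lookup that applies the three missing checks just listed, written here as an added illustration rather than ComfyUI's own code; the input directory, the function names and the error class are assumptions:

```python
from pathlib import Path
from urllib.parse import unquote

# Added illustration, not ComfyUI's code: a name-to-path lookup that applies the
# three checks the advisory lists as missing. INPUT_DIR is an assumed location.
INPUT_DIR = Path("/srv/comfyui/input")


class PathTraversalError(ValueError):
    """Raised when a requested name would resolve outside the allowed directory."""


def resolve_input_file(name: str, base_dir: Path = INPUT_DIR) -> Path:
    """Resolve a user-supplied file name strictly inside base_dir.

    1. Reject traversal sequences, also after (double) URL-decoding and with
       backslash separators, and reject absolute paths, empty names and NUL bytes.
    2. Canonicalize the candidate path (collapses '.', '..' and symlinks).
    3. Verify the canonical path still lies under the canonical base directory.
    """
    decoded = unquote(unquote(name)) if name else ""   # undo single/double URL-encoding
    if not decoded or "\x00" in decoded:
        raise PathTraversalError("empty name or NUL byte")
    normalized = decoded.replace("\\", "/")            # treat Windows separators like '/'
    if normalized.startswith("/") or ".." in normalized.split("/"):
        raise PathTraversalError(f"traversal sequence or absolute path in {name!r}")
    base = base_dir.resolve()
    candidate = (base / normalized).resolve()          # canonicalize before any file access
    # Boundary check on the canonical path; this also catches symlink escapes
    # that the textual check above cannot see.
    if candidate != base and base not in candidate.parents:
        raise PathTraversalError(f"{name!r} resolves outside {base}")
    return candidate


def is_safe_name(name: str, base_dir: Path = INPUT_DIR) -> bool:
    """True if name resolves inside base_dir, False if it would escape."""
    try:
        resolve_input_file(name, base_dir)
        return True
    except PathTraversalError:
        return False
```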
Attack Vector
The attack is conducted remotely over the network through ComfyUI's LoadImage Node functionality. An authenticated attacker with low-level privileges triggers it as follows:
- The attacker submits a crafted request to the LoadImage Node endpoint
- The Name parameter of that request carries path traversal sequences (e.g., ../../etc/passwd)
- The vulnerable get_annotated_filepath function processes the malicious input without rejecting it
- The application reads and returns the contents of the traversed file
The vulnerability enables attackers to read sensitive files such as configuration files, application source code, or credential stores accessible to the ComfyUI process.
A proof-of-concept for this vulnerability has been published. For technical details, refer to the GitHub Gist PoC Repository and the VulDB Vulnerability Entry.
Detection Methods for CVE-2026-6591
Indicators of Compromise
- Web server logs containing requests with path traversal sequences (../, ..\, %2e%2e%2f) in LoadImage Node parameters
- Unusual file access attempts outside the ComfyUI input/output directories
- Error logs indicating file access failures for system files or configuration paths
- Network traffic containing encoded or obfuscated path traversal patterns targeting ComfyUI endpoints
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block path traversal patterns in HTTP requests
- Configure intrusion detection systems (IDS) to alert on requests containing ../ sequences or URL-encoded equivalents
- Monitor ComfyUI application logs for file access requests that reference paths outside expected directories
- Deploy file integrity monitoring on sensitive directories to detect unauthorized access attempts
Monitoring Recommendations
- Enable verbose logging in ComfyUI to capture all file access operations with full path information
- Configure SIEM rules to correlate multiple path traversal attempts from the same source IP
- Monitor system-level file access events for the ComfyUI process accessing files outside its working directory
- Implement anomaly detection for unusual file read patterns by the web application user account
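A detector for the indicators listed above and the per-source correlation the monitoring recommendations ask for, added here as an example that is not part of the advisory or of ComfyUI; the log lines and the endpoint path are constructed, and the "combined" access-log format is assumed:

```python
import re
from collections import Counter
from urllib.parse import unquote

# Added example, not from the advisory or ComfyUI: flag access-log requests carrying a
# traversal sequence in any encoding listed under Indicators of Compromise, then count
# attempts per source IP. Combined log format assumed; lines and endpoint are constructed.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) \S+" (?P<status>\d{3})')
TRAVERSAL_RE = re.compile(r"\.\.[/\\]|[/\\]\.\.")   # '..' next to a '/' or '\' separator

SAMPLE_LOG = [  # constructed; /comfyui/loadimage is a placeholder endpoint path
    '10.0.0.5 - - [21/Apr/2026:10:00:01 +0000] "GET /comfyui/loadimage?name=cat.png HTTP/1.1" 200 5120',
    '10.0.0.9 - - [21/Apr/2026:10:00:02 +0000] "GET /comfyui/loadimage?name=../../etc/passwd HTTP/1.1" 200 2048',
    '10.0.0.9 - - [21/Apr/2026:10:00:03 +0000] "GET /comfyui/loadimage?name=..%2f..%2fetc%2fshadow HTTP/1.1" 403 0',
    '10.0.0.9 - - [21/Apr/2026:10:00:04 +0000] "GET /comfyui/loadimage?name=%252e%252e%252fetc%252fhosts HTTP/1.1" 200 300',
    '10.0.0.7 - - [21/Apr/2026:10:00:05 +0000] "GET /comfyui/loadimage?name=..%5c..%5cwindows%5cwin.ini HTTP/1.1" 200 400',
    '10.0.0.5 - - [21/Apr/2026:10:00:06 +0000] "GET /comfyui/loadimage?name=photo..old.png HTTP/1.1" 200 800',
]

def has_traversal(target: str) -> bool:
    """True if the target holds ../ or ..\\ in raw, single- or double-URL-encoded form."""
    current = target
    for _ in range(3):                      # raw, decoded once, decoded twice
        if TRAVERSAL_RE.search(current):
            return True
        decoded = unquote(current)
        if decoded == current:              # nothing left to decode
            break
        current = decoded
    return False

def scan_log(lines):
    """Return (ip, timestamp, target, status) per suspicious request. A 200 on a flagged
    request matters most: it suggests the traversed file was served, not blocked."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_traversal(m["target"]):
            hits.append((m["ip"], m["ts"], m["target"], int(m["status"])))
    return hits

def attempts_by_source(hits):
    """Flagged requests per source IP, the correlation the Monitoring section asks for."""
    return dict(Counter(hit[0] for hit in hits))
```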
How to Mitigate CVE-2026-6591
Immediate Actions Required
- Restrict network access to ComfyUI instances to trusted networks only until a patch is available
- Implement input validation at the network perimeter using a WAF to block path traversal patterns
- Review and restrict file system permissions for the user account running ComfyUI
- Audit recent access logs for signs of exploitation attempts
Patch Information
As of the last update on April 22, 2026, the vendor (ComfyUI) has not released a security patch for this vulnerability. The vendor was contacted about this disclosure but did not respond. Organizations should monitor the official ComfyUI repository for security updates and apply patches immediately when available.
For additional vulnerability intelligence, consult the VulDB CTI Entry.
Workarounds
- Deploy a reverse proxy with strict input validation to filter path traversal sequences before requests reach ComfyUI
- Implement application-level sandboxing to restrict file system access to only necessary directories
- Use containerization with restricted volume mounts to limit the files accessible to the ComfyUI application
- Apply network segmentation to isolate ComfyUI instances from sensitive internal systems
# Example nginx configuration to block path traversal attempts
location /comfyui/ {
    # Block requests containing path traversal sequences.
    if ($request_uri ~* "\.\.") {
        return 403;
    }
    # Block URL-encoded path traversal. $request_uri is the raw, undecoded
    # request line, so this catches single-encoded "%2e%2e" but not
    # double-encoded "%252e%252e"; an application-level check remains necessary.
    if ($request_uri ~* "%2e%2e") {
        return 403;
    }
    proxy_pass http://localhost:8188/;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.