CVE-2026-6592 Overview
CVE-2026-6592 is a cross-site scripting (XSS) vulnerability affecting ComfyUI versions up to 0.13.0. The flaw resides in the getuserdata function within app/user_manager.py, part of the userdata endpoint component. An authenticated attacker can manipulate input to inject script content that executes in a victim's browser session. The attack is exploitable remotely over the network and requires user interaction to trigger. Public exploit details have been disclosed, and the vendor did not respond to early disclosure outreach. The vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation).
Critical Impact
Authenticated attackers can inject script payloads that execute in a victim's browser context, enabling session theft, UI manipulation, or pivot to other ComfyUI functionality.
Affected Products
- ComfyUI versions up to and including 0.13.0
- The getuserdata function in app/user_manager.py
- The userdata endpoint component
Discovery Timeline
- 2026-04-20 - CVE-2026-6592 published to NVD
- 2026-04-29 - Last updated in NVD database
Technical Details for CVE-2026-6592
Vulnerability Analysis
The vulnerability exists in the getuserdata handler defined in app/user_manager.py. ComfyUI exposes a userdata endpoint that returns user-controlled data to the web interface. The endpoint fails to neutralize HTML and JavaScript metacharacters before rendering content to the client. When an attacker stores a crafted payload in a userdata path or filename, the response triggers script execution in the browser of any user who views or fetches the resource. Because ComfyUI runs as a workflow application that often handles model files, prompts, and credentials, script execution in this context can expose sensitive workflow data and session material.
Root Cause
The root cause is improper output encoding in the getuserdata function. User-supplied data flows from storage to the HTTP response without contextual escaping for HTML or JavaScript output. This pattern matches CWE-79, where untrusted input is reflected or stored and then rendered as active content.
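The following is an added illustration of the output-encoding defect described above and two hardened alternatives; it is hypothetical example code, not ComfyUI's getuserdata implementation, and the sample file names are constructed.

```python
import html
import json

# Constructed sample listing: one benign name and one name carrying an HTML
# payload, mirroring the stored-filename vector described above (not a real IoC).
SAMPLE_NAMES = ["workflow.json", "<img src=x onerror=alert(1)>.json"]


def render_listing_vulnerable(names):
    """Illustrative 'before' pattern (hypothetical, not ComfyUI's code):
    stored names are interpolated straight into HTML, so any tag or event
    handler inside a name is emitted as active content."""
    items = "".join(f"<li>{name}</li>" for name in names)
    return f"<ul>{items}</ul>"


def render_listing_hardened(names):
    """Same listing with contextual HTML escaping applied at the output
    boundary; quote=True also neutralises quote characters, so the value is
    safe in attribute context as well as in element text."""
    items = "".join(f"<li>{html.escape(name, quote=True)}</li>" for name in names)
    return f"<ul>{items}</ul>"


def json_listing(names):
    """Preferred shape for a data endpoint: return JSON rather than markup,
    with angle brackets and ampersands written as \\uXXXX escapes so the body
    stays inert even if a client or proxy mislabels it as text/html."""
    body = json.dumps({"files": names})
    return body.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def safe_response_headers():
    """Headers to send alongside json_listing(): an explicit JSON content type
    and nosniff so browsers will not reinterpret the body as HTML."""
    return {
        "Content-Type": "application/json; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    print("vulnerable:", render_listing_vulnerable(SAMPLE_NAMES))
    print("hardened:  ", render_listing_hardened(SAMPLE_NAMES))
    print("json:      ", json_listing(SAMPLE_NAMES))
```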
Attack Vector
Exploitation requires network access to a ComfyUI instance and low-privilege authenticated access. The attacker submits a payload through the userdata interface, then waits for a privileged user to retrieve the affected resource. User interaction is required to trigger the script, consistent with the CVSS UI:P designation. No code example is provided here because no verified proof-of-concept code is available in the source data. Public technical details are referenced in the GitHub Gist PoC Repository and VulDB #358227.
Detection Methods for CVE-2026-6592
Indicators of Compromise
- Userdata files or filenames containing HTML tags such as <script>, <img onerror=>, or <svg onload=>
- HTTP responses from the /userdata endpoint returning content with executable HTML rather than escaped text
- Unexpected outbound requests from browser sessions of users who recently accessed ComfyUI userdata resources
Detection Strategies
- Inspect HTTP traffic to ComfyUI for requests to the userdata endpoint containing script tags or JavaScript URI schemes in parameters or stored content
- Review web server access logs for repeated requests to the userdata endpoint (handled by getuserdata in app/user_manager.py) that precede anomalous client-side behavior
- Scan stored userdata directories for files whose names or contents include HTML control characters
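As an added example of the third strategy (not a ComfyUI tool), the scanner below walks a userdata directory and flags file names or text contents that carry HTML tags, inline event handlers, or script URI schemes; the directory layout and file contents in demo() are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Signatures for content that should never appear in a benign userdata path or
# text body: HTML tags, inline event-handler attributes, script URI schemes.
# ("data:" is deliberately excluded: it is a common JSON key and would be noisy.)
SIGNATURES = {
    "html_tag": re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>"),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "script_uri": re.compile(r"\b(?:javascript|vbscript)\s*:", re.IGNORECASE),
}


def classify(text):
    """Return the names of every signature that matches the given text."""
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]


def scan_userdata(root, max_bytes=1_000_000):
    """Walk a userdata tree and report (relative_path, where, hits) for every
    file whose relative path or text content matches a signature."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        name_hits = classify(rel)
        if name_hits:
            findings.append((rel, "name", name_hits))
        try:
            content = path.read_bytes()[:max_bytes].decode("utf-8", errors="replace")
        except OSError:
            continue
        content_hits = classify(content)
        if content_hits:
            findings.append((rel, "content", content_hits))
    return findings


def demo():
    """Build a constructed userdata tree (not real ComfyUI data) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "workflows").mkdir()
        (root / "workflows" / "clean.json").write_text('{"nodes": []}')
        (root / "workflows" / "<svg onload=alert(1)>.json").write_text("{}")
        (root / "notes.txt").write_text("open javascript:alert(1) to continue")
        return scan_userdata(root)


if __name__ == "__main__":
    for rel, where, hits in demo():
        print(f"{where:7} {rel}: {', '.join(hits)}")
```

Point scan_userdata() at the real userdata directory of a deployment to audit it; each finding names the file, whether the path or the content matched, and which signatures fired.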
Monitoring Recommendations
- Enable web server access logging on the ComfyUI host and forward logs to a centralized analytics platform for query and correlation
- Alert on browser sessions that exhibit unexpected DOM modifications or outbound beacons after interacting with ComfyUI
- Track ComfyUI version inventory to identify hosts still running 0.13.0 or earlier
How to Mitigate CVE-2026-6592
Immediate Actions Required
- Restrict network exposure of ComfyUI instances to trusted users and internal networks only
- Require strong authentication and review which accounts have write access to the userdata endpoint
- Audit existing userdata stores for previously injected HTML or script content and remove malicious entries
Patch Information
No vendor patch is referenced in the available CVE data. The vendor was contacted prior to public disclosure but did not respond. Monitor the ComfyUI project for updates beyond version 0.13.0 that address the getuserdata output encoding issue, and consult VulDB #358227 for updated remediation status.
Workarounds
- Place ComfyUI behind a reverse proxy that enforces a strict Content-Security-Policy header to block inline script execution
- Disable or restrict the userdata endpoint at the proxy layer if it is not required for production workflows
- Limit ComfyUI to single-user deployments where cross-user XSS is not a viable attack scenario
# Example reverse proxy CSP header to limit inline script execution
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'" always;
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.