
CVE-2026-22777: High Vulnerability in Comfy ComfyUI-Manager

A high-severity vulnerability in ComfyUI-Manager allows attackers to inject arbitrary configuration values, potentially compromising application integrity. Organizations must patch their systems to prevent exploitation.

HIGH · Public Exploit · CVSS 7.5 · Published January 10, 2026


The vulnerability identified as CVE-2026-22777 affects ComfyUI-Manager, a usability extension for ComfyUI. This vulnerability allows attackers to inject special characters into HTTP query parameters, which can lead to unauthorized changes in the configuration file (config.ini). This manipulation can compromise security settings and alter application behavior significantly. With a CVSS score of 7.5, this vulnerability is classified as high severity, indicating a significant risk to organizations that have not yet applied the necessary patches.
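To show why request values must be validated before they reach config.ini, here is an added example (not code from ComfyUI-Manager or from this advisory) that compares an unvalidated INI writer with one that allowlists values and checks the round trip. It assumes the special characters are line breaks; the `[settings]` section, the option names and the allowlist are hypothetical.

```python
import configparser

# Hypothetical allowlist: option name -> permitted values (not the project's real schema).
ALLOWED = {
    "theme": {"dark", "light"},
    "strict_mode": {"on", "off"},
}

def naive_write(settings):
    """Format 'key = value' lines by hand with no validation (the risky pattern)."""
    return "[settings]\n" + "".join(f"{k} = {v}\n" for k, v in settings.items())

def parsed_keys(ini_text):
    """Return the options a parser actually sees in the [settings] section."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    return dict(cp["settings"])

def validate(option, value):
    """Accept only an allowlisted value for a known option, with no control characters."""
    if option not in ALLOWED:
        raise ValueError(f"unknown option: {option!r}")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError(f"control character in value for {option!r}")
    if value not in ALLOWED[option]:
        raise ValueError(f"value not allowed for {option!r}: {value!r}")
    return value

def safe_write(settings):
    """Validate every pair, serialize, then confirm the text re-parses to the same keys."""
    clean = {k: validate(k, v) for k, v in settings.items()}
    text = naive_write(clean)
    if parsed_keys(text) != clean:
        raise ValueError("serialized config does not round-trip")
    return text

# Constructed sample: one request parameter whose value carries an embedded line break.
TAINTED = {"theme": "dark\nstrict_mode = off"}

if __name__ == "__main__":
    # One submitted option becomes two options once the file is parsed.
    print(parsed_keys(naive_write(TAINTED)))
    try:
        safe_write(TAINTED)
    except ValueError as exc:
        print("rejected:", exc)
```

The round-trip comparison in `safe_write` is a second line of defence: even if a validation rule is missed, a file that parses to more keys than were submitted is never written.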

Given the potential for security setting tampering and modification of application behavior, it is essential for organizations utilizing ComfyUI-Manager to prioritize the deployment of patches released in versions 3.39.2 and 4.0.5. Failure to address this vulnerability may result in unauthorized access and manipulation of critical application functions.

As of now, the vulnerability is not actively exploited in the wild, and there are no known public exploits. However, the potential for exploitation exists, and organizations should remain vigilant against any emerging threats. The urgency for defenders is high, and immediate action is recommended to mitigate risks.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
