Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-22777
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-10 Jan, 2026 | 07:16
Updated At-05 Feb, 2026 | 21:02

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
Drip Artificial Inc. (ComfyUI)
comfy
>>comfyui-manager>>Versions before 3.39.2(exclusive)
cpe:2.3:a:comfy:comfyui-manager:*:*:*:*:*:*:*:*
Drip Artificial Inc. (ComfyUI)
comfy
>>comfyui-manager>>Versions from 4.0.3(inclusive) to 4.0.5(exclusive)
cpe:2.3:a:comfy:comfyui-manager:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-93Primarysecurity-advisories@github.com
CWE ID: CWE-93
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Comfy-Org/ComfyUI-Manager/commit/f4fa394e0f03b013f1068c96cff168ad10bd0410security-advisories@github.com
Patch
https://github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-562r-8445-54r2security-advisories@github.com
Vendor Advisory
Hyperlink: https://github.com/Comfy-Org/ComfyUI-Manager/commit/f4fa394e0f03b013f1068c96cff168ad10bd0410
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-562r-8445-54r2
Source: security-advisories@github.com
Resource:
Vendor Advisory
Change History
0Changes found
Details not found