GHSA-562r-8445-54r2

Source
https://github.com/advisories/GHSA-562r-8445-54r2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-562r-8445-54r2/GHSA-562r-8445-54r2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-562r-8445-54r2
Aliases
Published
2026-01-13T19:02:52Z
Modified
2026-02-03T03:01:08.280326Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler
Details

Impact

Vulnerability Type: CRLF Injection via ConfigParser

An attacker who can reach the manager's HTTP interface can place carriage-return, line-feed or NUL characters in query parameters that the configuration handler copies into config.ini. Because those characters are written unescaped, they can terminate the intended value and introduce additional lines that are later parsed as separate keys or sections, allowing an unauthenticated attacker to tamper with security settings or otherwise change application behaviour. The CVSS vector reflects this: no confidentiality or availability impact, but high integrity impact, with no privileges or user interaction required.

Affected Users: Users running ComfyUI-Manager in environments where ComfyUI is started with the --listen option, which exposes the manager's HTTP endpoints to remote hosts rather than to localhost only.

CVSS Score: 7.5 (High)

Patches

Fixed in the following versions:

  • 3.39.2 (v3.x branch)
  • 4.0.5 (v4.x branch)

Sanitization logic was added to the write_config() function to remove CRLF and NULL characters from all string values before they are written to config.ini, so that no attacker-supplied value can span more than one line of the file.
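The following is an added example, not ComfyUI-Manager's own code and not taken from the advisory: it models a write_config() that merges query parameters into config.ini through Python's configparser, runs one constructed attacker request against it with and without the sanitization the advisory describes, and includes a small post-upgrade check for a config.ini that may already have been tampered with. The key names (preview_method, security_level), the use of configparser.write() as the output path, interpolation=None and the query string are all assumptions for illustration. One detail worth knowing when reproducing this class of bug: configparser.write() rewrites a bare LF inside a value as an indented continuation line, which the parser then folds back into the same value, whereas a bare CR is written through untouched and is still treated as a line break when the file is re-read in text mode, which is why the example injects %0d and why the fix has to strip both characters.

```python
import configparser
import os
import tempfile
import urllib.parse

# Constructed starting config.ini; the key names are assumptions for
# illustration, not a claim about ComfyUI-Manager's real file layout.
BASE_CONFIG = "[default]\npreview_method = auto\n"

# Hypothetical attacker request: a bare CR (%0d) inside a value that the
# handler copies into the config. configparser.write() turns LF into an
# indented continuation line, but CR is emitted as-is and becomes a line
# break on re-read, so "security_level = weak" lands on its own line.
MALICIOUS_QUERY = "preview_method=auto%0dsecurity_level%20%3D%20weak"


def sanitize(value: str) -> str:
    """The fix the advisory describes: drop CR, LF and NUL from string values."""
    return value.replace("\r", "").replace("\n", "").replace("\0", "")


def write_config(path: str, section: str, updates: dict, sanitized: bool) -> None:
    """Model of a write_config() that merges query values into config.ini.

    sanitized=False reproduces the vulnerable behaviour, sanitized=True the fix.
    interpolation=None is assumed so '%' in attacker input is not a distraction.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(path, encoding="utf-8")
    if not cp.has_section(section):
        cp.add_section(section)
    for key, value in updates.items():
        cp.set(section, key, sanitize(value) if sanitized else value)
    with open(path, "w", encoding="utf-8") as f:
        cp.write(f)


def reload_options(path: str, section: str) -> dict:
    """Re-read the file the way the application would on its next start
    (text mode, universal newlines: a bare CR is translated to a line break)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(path, encoding="utf-8")
    return dict(cp.items(section))


def scan_for_injection(path: str) -> list:
    """Post-upgrade check for an existing config.ini: byte offsets of any
    NUL or bare CR (not followed by LF), which a cleanly written file
    should never contain. A non-empty result is a sign of prior tampering."""
    with open(path, "rb") as f:
        data = f.read()
    return [
        i for i, b in enumerate(data)
        if b == 0 or (b == 0x0D and data[i + 1:i + 2] != b"\n")
    ]


def simulate(query: str, sanitized: bool):
    """Run one attacker request against a fresh config.ini and return
    (options the application sees afterwards, suspicious byte offsets)."""
    params = {k: v[0] for k, v in urllib.parse.parse_qs(query).items()}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.ini")
        with open(path, "w", encoding="utf-8") as f:
            f.write(BASE_CONFIG)
        write_config(path, "default", params, sanitized)
        return reload_options(path, "default"), scan_for_injection(path)


if __name__ == "__main__":
    print("vulnerable:", simulate(MALICIOUS_QUERY, sanitized=False))
    print("patched:   ", simulate(MALICIOUS_QUERY, sanitized=True))
```

In the vulnerable run the re-read configuration contains a security_level key the operator never set; in the patched run the CR is stripped, the whole attacker string stays inside the preview_method value, and the byte scan reports nothing. Running scan_for_injection against a real config.ini after upgrading is a cheap way to tell whether the file was already modified while the vulnerable version was exposed.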

Workarounds

If upgrading is not possible:

  • Run ComfyUI-Manager only on trusted networks
  • Block external access via firewall
  • Run on localhost only, without the --listen option

References

Credit

This vulnerability was reported by:

  • 李存义 xiaoheihei1107@gmail.com
  • D0n9 Li wyd0n9@gmail.com
  • Swings swing@mail.exp.sh
  • Osword from SGLAB of Legendsec at Qi'anxin Group zhzhdoai@gmail.com

Database specific
{
    "cwe_ids": [
        "CWE-93"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2026-01-10T07:16:03Z",
    "severity": "HIGH",
    "github_reviewed_at": "2026-01-13T19:02:52Z"
}
Affected packages

PyPI / comfy-cli

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Fixed
4.0.5

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-562r-8445-54r2/GHSA-562r-8445-54r2.json"
last_known_affected_version_range
"<= 4.0.4"

PyPI / comfy-cli

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.39.2

Affected versions

0.*
0.0.8
0.0.9
0.0.10
0.0.11
0.0.12
0.0.13
0.0.14
0.0.15
0.0.16
0.0.17
0.0.18
0.0.19
0.0.20.dev0
0.0.20.dev1
0.0.20
0.0.21.dev0
0.0.21.dev1
0.0.21.dev2
0.0.21.dev3
0.0.21.dev4
0.0.21.dev8
0.0.21.dev9
0.0.21.dev13
0.0.21.dev14
0.0.21
0.0.22
0.0.23
0.0.24
0.0.25
0.0.26
0.0.28
0.0.29
0.0.31
0.0.32
1.*
1.0.32
1.0.33
1.0.34
1.0.35
1.0.36
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.4.0
1.4.1
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/01/GHSA-562r-8445-54r2/GHSA-562r-8445-54r2.json"