Vulnerability Details CVE-2026-22777
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.9%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2026-22777
-
cpe:2.3:a:comfy:comfyui-manager:2.48.1
-
cpe:2.3:a:comfy:comfyui-manager:2.48.2
-
cpe:2.3:a:comfy:comfyui-manager:2.48.3
-
cpe:2.3:a:comfy:comfyui-manager:2.48.4
-
cpe:2.3:a:comfy:comfyui-manager:2.48.6
-
cpe:2.3:a:comfy:comfyui-manager:2.48.7
-
cpe:2.3:a:comfy:comfyui-manager:2.50
-
cpe:2.3:a:comfy:comfyui-manager:2.50.1
-
cpe:2.3:a:comfy:comfyui-manager:2.51.1
-
cpe:2.3:a:comfy:comfyui-manager:2.51.2
-
cpe:2.3:a:comfy:comfyui-manager:2.51.4
-
cpe:2.3:a:comfy:comfyui-manager:2.51.5
-
cpe:2.3:a:comfy:comfyui-manager:2.51.6
-
cpe:2.3:a:comfy:comfyui-manager:2.51.7
-
cpe:2.3:a:comfy:comfyui-manager:2.51.8
-
cpe:2.3:a:comfy:comfyui-manager:2.51.9
-
cpe:2.3:a:comfy:comfyui-manager:2.52
-
cpe:2.3:a:comfy:comfyui-manager:2.53
-
cpe:2.3:a:comfy:comfyui-manager:2.54
-
cpe:2.3:a:comfy:comfyui-manager:2.55.3
-
cpe:2.3:a:comfy:comfyui-manager:2.55.5
-
cpe:2.3:a:comfy:comfyui-manager:2.56.2
-
cpe:2.3:a:comfy:comfyui-manager:3.0.1
-
cpe:2.3:a:comfy:comfyui-manager:3.10
-
cpe:2.3:a:comfy:comfyui-manager:3.11
-
cpe:2.3:a:comfy:comfyui-manager:3.11.2
-
cpe:2.3:a:comfy:comfyui-manager:3.11.3
-
cpe:2.3:a:comfy:comfyui-manager:3.12
-
cpe:2.3:a:comfy:comfyui-manager:3.12.1
-
cpe:2.3:a:comfy:comfyui-manager:3.12.2
-
cpe:2.3:a:comfy:comfyui-manager:3.13
-
cpe:2.3:a:comfy:comfyui-manager:3.13.1
-
cpe:2.3:a:comfy:comfyui-manager:3.14
-
cpe:2.3:a:comfy:comfyui-manager:3.15
-
cpe:2.3:a:comfy:comfyui-manager:3.16
-
cpe:2.3:a:comfy:comfyui-manager:3.17
-
cpe:2.3:a:comfy:comfyui-manager:3.17.1
-
cpe:2.3:a:comfy:comfyui-manager:3.17.11
-
cpe:2.3:a:comfy:comfyui-manager:3.17.2
-
cpe:2.3:a:comfy:comfyui-manager:3.17.3
-
cpe:2.3:a:comfy:comfyui-manager:3.17.4
-
cpe:2.3:a:comfy:comfyui-manager:3.17.6
-
cpe:2.3:a:comfy:comfyui-manager:3.17.7
-
cpe:2.3:a:comfy:comfyui-manager:3.17.9
-
cpe:2.3:a:comfy:comfyui-manager:3.18.1
-
cpe:2.3:a:comfy:comfyui-manager:3.19
-
cpe:2.3:a:comfy:comfyui-manager:3.21.1
-
cpe:2.3:a:comfy:comfyui-manager:3.21.3
-
cpe:2.3:a:comfy:comfyui-manager:3.21.5
-
cpe:2.3:a:comfy:comfyui-manager:3.22
-
cpe:2.3:a:comfy:comfyui-manager:3.23
-
cpe:2.3:a:comfy:comfyui-manager:3.24
-
cpe:2.3:a:comfy:comfyui-manager:3.24.1
-
cpe:2.3:a:comfy:comfyui-manager:3.25
-
cpe:2.3:a:comfy:comfyui-manager:3.25.1
-
cpe:2.3:a:comfy:comfyui-manager:3.26
-
cpe:2.3:a:comfy:comfyui-manager:3.26.1
-
cpe:2.3:a:comfy:comfyui-manager:3.26.2
-
cpe:2.3:a:comfy:comfyui-manager:3.27
-
cpe:2.3:a:comfy:comfyui-manager:3.27.11
-
cpe:2.3:a:comfy:comfyui-manager:3.27.2
-
cpe:2.3:a:comfy:comfyui-manager:3.27.3
-
cpe:2.3:a:comfy:comfyui-manager:3.27.8
-
cpe:2.3:a:comfy:comfyui-manager:3.28
-
cpe:2.3:a:comfy:comfyui-manager:3.29
-
cpe:2.3:a:comfy:comfyui-manager:3.3
-
cpe:2.3:a:comfy:comfyui-manager:3.3.10
-
cpe:2.3:a:comfy:comfyui-manager:3.3.11
-
cpe:2.3:a:comfy:comfyui-manager:3.3.2
-
cpe:2.3:a:comfy:comfyui-manager:3.3.3
-
cpe:2.3:a:comfy:comfyui-manager:3.3.4
-
cpe:2.3:a:comfy:comfyui-manager:3.3.5
-
cpe:2.3:a:comfy:comfyui-manager:3.3.6
-
cpe:2.3:a:comfy:comfyui-manager:3.3.7
-
cpe:2.3:a:comfy:comfyui-manager:3.3.8
-
cpe:2.3:a:comfy:comfyui-manager:3.3.9
-
cpe:2.3:a:comfy:comfyui-manager:3.30.2
-
cpe:2.3:a:comfy:comfyui-manager:3.30.4
-
cpe:2.3:a:comfy:comfyui-manager:3.30.5
-
cpe:2.3:a:comfy:comfyui-manager:3.30.6
-
cpe:2.3:a:comfy:comfyui-manager:3.30.7
-
cpe:2.3:a:comfy:comfyui-manager:3.30.8
-
cpe:2.3:a:comfy:comfyui-manager:3.31
-
cpe:2.3:a:comfy:comfyui-manager:3.31.1
-
cpe:2.3:a:comfy:comfyui-manager:3.31.11
-
cpe:2.3:a:comfy:comfyui-manager:3.31.12
-
cpe:2.3:a:comfy:comfyui-manager:3.31.13
-
cpe:2.3:a:comfy:comfyui-manager:3.31.2
-
cpe:2.3:a:comfy:comfyui-manager:3.31.4
-
cpe:2.3:a:comfy:comfyui-manager:3.31.6
-
cpe:2.3:a:comfy:comfyui-manager:3.31.8
-
cpe:2.3:a:comfy:comfyui-manager:3.32
-
cpe:2.3:a:comfy:comfyui-manager:3.32.1
-
cpe:2.3:a:comfy:comfyui-manager:3.32.2
-
cpe:2.3:a:comfy:comfyui-manager:3.32.3
-
cpe:2.3:a:comfy:comfyui-manager:3.32.4
-
cpe:2.3:a:comfy:comfyui-manager:3.32.5
-
cpe:2.3:a:comfy:comfyui-manager:3.33
-
cpe:2.3:a:comfy:comfyui-manager:3.33.2
-
cpe:2.3:a:comfy:comfyui-manager:3.33.3
-
cpe:2.3:a:comfy:comfyui-manager:3.33.4
-
cpe:2.3:a:comfy:comfyui-manager:3.33.5
-
cpe:2.3:a:comfy:comfyui-manager:3.33.6
-
cpe:2.3:a:comfy:comfyui-manager:3.33.7
-
cpe:2.3:a:comfy:comfyui-manager:3.33.8
-
cpe:2.3:a:comfy:comfyui-manager:3.35
-
cpe:2.3:a:comfy:comfyui-manager:3.37
-
cpe:2.3:a:comfy:comfyui-manager:3.37.1
-
cpe:2.3:a:comfy:comfyui-manager:3.38
-
cpe:2.3:a:comfy:comfyui-manager:3.38.2
-
cpe:2.3:a:comfy:comfyui-manager:3.38.3
-
cpe:2.3:a:comfy:comfyui-manager:3.39
-
cpe:2.3:a:comfy:comfyui-manager:3.39.1
-
cpe:2.3:a:comfy:comfyui-manager:3.5
-
cpe:2.3:a:comfy:comfyui-manager:3.6.1
-
cpe:2.3:a:comfy:comfyui-manager:3.6.2
-
cpe:2.3:a:comfy:comfyui-manager:3.6.4
-
cpe:2.3:a:comfy:comfyui-manager:3.6.5
-
cpe:2.3:a:comfy:comfyui-manager:3.7
-
cpe:2.3:a:comfy:comfyui-manager:3.7.2
-
cpe:2.3:a:comfy:comfyui-manager:3.7.3
-
cpe:2.3:a:comfy:comfyui-manager:3.7.4
-
cpe:2.3:a:comfy:comfyui-manager:3.7.5
-
cpe:2.3:a:comfy:comfyui-manager:3.7.6
-
cpe:2.3:a:comfy:comfyui-manager:3.8
-
cpe:2.3:a:comfy:comfyui-manager:3.8.1
-
cpe:2.3:a:comfy:comfyui-manager:3.9
-
cpe:2.3:a:comfy:comfyui-manager:3.9.1
-
cpe:2.3:a:comfy:comfyui-manager:3.9.2
-
cpe:2.3:a:comfy:comfyui-manager:3.9.3
-
cpe:2.3:a:comfy:comfyui-manager:3.9.4
-
cpe:2.3:a:comfy:comfyui-manager:4.0.3
-
cpe:2.3:a:comfy:comfyui-manager:4.0.4