Affected software: ComfyUI-Manager (versions prior to v3.38)
Type of vulnerability: RCE (command injection reachable via the extension install endpoint)
Requires authentication: No — ComfyUI-Manager exposes administrative endpoints on the default ComfyUI port (8188/tcp) without authentication in default deployments.
Language you would use for writing the plugin: Templated plugins
Fingerprinting strategy (how we detect without exploiting):
GET /api/manager/version → returns a JSON object containing the installed ComfyUI-Manager version. Match when the returned version is less than 3.38.
Fallback if the API response shape shifts: GET /manager/ → inspect the response body for ComfyUI-Manager branding / known static asset paths.
Optional liveness check: GET /api/manager/queue/status → 200 OK confirms the Manager endpoint surface is present.
No exploit payload is sent; detection is a passive HTTP GET + version-string comparison. This follows the fingerprint-first design used by recently accepted Tsunami plugins and is the reliability profile tooryx has asked for on prior AI-stack PRP submissions.
Popularity: ComfyUI is the dominant Stable Diffusion UI (~90K GitHub stars). ComfyUI-Manager is the de-facto extension manager for ComfyUI (~10K stars) and is enabled by default in most ComfyUI distributions, including many publicly reachable instances.
Identifier of the vulnerability: CVE-2025-67303 / GHSA-2hc9-cc65-xwj8
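The version comparison behind the fingerprint above, as an added Python example (not the templated Tsunami plugin itself); the JSON key that carries the version is not given on the page, so the key names tried here are assumptions and any version-looking value is accepted as a fallback:

```python
# Added example: passive ComfyUI-Manager version fingerprint against fix version 3.38.
# Assumption: the JSON key holding the version is unknown, so candidate keys are tried.
import json
import re
from urllib.request import Request, urlopen

FIXED_VERSION = (3, 38, 0)  # first release containing the fix
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

def parse_version(text):
    """'V3.37.2' -> (3, 37, 2); '3.38' -> (3, 38, 0); None if no version is present.
    Padding to three parts keeps tuple comparison honest ((3, 38) < (3, 38, 0) is True)."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(p) if p is not None else 0 for p in m.groups())

def extract_version(body):
    """Pull the Manager version out of the /api/manager/version response body."""
    try:
        data = json.loads(body)
    except ValueError:
        return parse_version(body)  # non-JSON body: still look for a version string
    if isinstance(data, dict):
        for key in ("version", "manager_version"):  # assumed key names
            if key in data:
                return parse_version(str(data[key]))
        for value in data.values():  # fallback: any version-looking value
            found = parse_version(str(value))
            if found:
                return found
    return parse_version(str(data))

def is_pre_fix(version):
    """True when the installed version is older than 3.38."""
    return version is not None and version < FIXED_VERSION

def check_instance(base_url, fetch=None):
    """Return ('affected' | 'fixed' | 'unknown', version). Only a GET is sent.
    fetch(url) -> str may be injected so the check can run offline."""
    if fetch is None:
        def fetch(url):
            with urlopen(Request(url), timeout=5) as resp:
                return resp.read().decode("utf-8", "replace")
    try:
        body = fetch(base_url.rstrip("/") + "/api/manager/version")
    except OSError:  # URLError is an OSError: endpoint absent or unreachable
        return ("unknown", None)
    version = extract_version(body)
    if version is None:
        return ("unknown", None)
    return ("affected" if is_pre_fix(version) else "fixed", version)
```

An "unknown" result is the cue to fall back to the GET /manager/ branding check described above rather than to report either way.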