Critical severity10.0NVD Advisory· Published Dec 13, 2024· Updated Apr 15, 2026
CVE-2024-21576
CVE-2024-21576
Description
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects a crafted string into the node. This can result in executing arbitrary code on the server.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.