CVE-2026-6591
Description
A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Path traversal in ComfyUI LoadImage node allows unauthenticated file probing and image exfiltration.
Vulnerability
A path traversal vulnerability exists in ComfyUI up to version 0.13.0 within the folder_paths.get_annotated_filepath function of folder_paths.py. This function is called by the LoadImage node when processing image input from the /prompt API. Unlike the protected get_full_path function, get_annotated_filepath does not perform any path containment check, allowing ../ sequences to be passed directly to os.path.join(), which resolves to arbitrary files on the filesystem [1].
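The distinction the paragraph draws, an unchecked `os.path.join()` versus a lookup that confirms the resolved path stays inside the intended directory, is shown below in a small added example. It is illustrative code written for this page, not ComfyUI's `folder_paths.py`; the base directory `/nonexistent_comfy_demo/input` and the function names are constructed for the demonstration.

```python
import os
from typing import Optional

# Constructed base directory standing in for an application's input folder.
# It need not exist: os.path.realpath normalises non-existent paths without error.
INPUT_DIR = "/nonexistent_comfy_demo/input"


def unchecked_join(base_dir: str, name: str) -> str:
    """The weak pattern: join the caller-supplied name onto the base directory
    and normalise it, with no containment check. A name such as
    '../../etc/passwd' (or an absolute path) simply walks out of base_dir."""
    return os.path.normpath(os.path.join(base_dir, name))


def contained_join(base_dir: str, name: str) -> Optional[str]:
    """Hardened variant: resolve both paths, then require the candidate to be
    inside base_dir. Returns None for anything that escapes (including an
    absolute `name`, which os.path.join would otherwise accept wholesale)."""
    real_base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(real_base, name))
    try:
        # commonpath raises ValueError when the paths share no root (e.g. different drives)
        if os.path.commonpath([real_base, candidate]) != real_base:
            return None
    except ValueError:
        return None
    return candidate


def allowlisted_name(name: str, listing: list) -> Optional[str]:
    """Stricter still: the 'combo list' style check the paragraph refers to,
    where the value must be one of the names actually listed in the directory.
    `listing` is supplied by the caller (here, constructed sample data)."""
    return name if name in listing else None


def compare(names: list) -> dict:
    """Run each candidate name through both resolvers so the difference is visible.
    Returns {name: (unchecked_result, contained_result)}."""
    return {n: (unchecked_join(INPUT_DIR, n), contained_join(INPUT_DIR, n)) for n in names}


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate filename, one traversal, one absolute path.
    samples = ["cat.png", "../../etc/passwd", "/etc/passwd"]
    for name, (weak, strong) in compare(samples).items():
        print(f"{name!r:22} unchecked -> {weak:40} contained -> {strong}")
    print(allowlisted_name("cat.png", ["cat.png", "dog.png"]))
    print(allowlisted_name("../../etc/passwd", ["cat.png", "dog.png"]))
```

`contained_join` resolves symlinks with `realpath` before comparing, so a link inside the input directory that points elsewhere is also rejected; the allowlist check is the cheapest control of all and is what the page says the combo validation normally provides.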
Exploitation
Exploitation is unauthenticated and remote via the /prompt API. The image parameter accepts ../ sequences. Normally, the combo list validation would reject such values, but the LoadImage node defines a VALIDATE_INPUTS method that includes the image parameter, causing the combo check to be skipped. The custom validation is weak and does not prevent path traversal [1]. An attacker can send specially crafted requests to probe for file existence or exfiltrate image files.
Impact
An attacker can determine whether arbitrary files exist on the server (e.g., /etc/passwd) and read any image file from the filesystem. This information disclosure could aid in further attacks, such as reading configuration files or user data if they are image files. The exploit has been published, increasing the risk of mass exploitation [1].
Mitigation
The vendor was contacted but did not respond, so no official patch is available. Users of ComfyUI up to 0.13.0 should restrict network access to the /prompt endpoint, monitor for suspicious requests, or apply file system permissions to limit exposure.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=0.13.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.