CVE-2026-6593

A stored cross-site scripting vulnerability exists in ComfyUI up to version 0.13.0. The /view endpoint in server.py attempts to prevent XSS by blocking dangerous MIME types (e.g., text/html, text/javascript), but the blocklist does not include image/svg+xml. This allows an attacker to upload an SVG file containing embedded ` tags via the /upload/image` endpoint, which the browser then renders and executes in the origin context of the application [1].

To exploit this vulnerability, an attacker requires network access to a running ComfyUI instance. No authentication is needed to upload files or access uploaded content. The /upload/image endpoint accepts any file type without extension validation, so a malicious SVG can be placed in the input/ directory. When the victim views the uploaded SVG via the /view endpoint, the browser processes it as an SVG image and executes the embedded JavaScript due to the incomplete MIME type restrictions [1].

The impact of this vulnerability is the execution of arbitrary JavaScript in the context of the ComfyUI origin, potentially leading to session hijacking, data exfiltration, or other client-side attacks. Stored XSS allows the malicious script to persist until manually removed [1].

The vulnerability has been publicly disclosed, and the vendor did not respond to initial disclosure attempts. As of the publication date, no official patch has been released for this specific bypass. Users are advised to manually restrict file uploads to non-SVG types or apply additional server-side filtering pending an official fix [1].