Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-22777 PoC — ComfyUI-Manager 注入漏洞

Source
https://github.com/vulhub/vulhub/blob/master/comfyui/CVE-2026-22777/README.md
Associated Vulnerability
Title:ComfyUI-Manager 注入漏洞 (CVE-2026-22777)
Description:ComfyUI-Manager是Dr.Lt.Data个人开发者的一款旨在增强 ComfyUI 可用性的扩展程序。 ComfyUI-Manager 3.39.2之前版本和4.0.5之前版本存在注入漏洞,该漏洞源于攻击者可以向HTTP查询参数注入特殊字符以向config.ini文件添加任意配置值,可能导致安全设置篡改或应用程序行为修改。
File Snapshot

 # ComfyUI-Manager CRLF Injection in Configuration Handler (CVE-2026-22777)

[中文版本(Chinese version)](

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.