Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-22777 PoC — ComfyUI-Manager 注入漏洞

Source
https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/ComfyUI-Manager%20%E9%85%8D%E7%BD%AE%E5%A4%84%E7%90%86%E5%99%A8%20CRLF%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2026-22777.md
Associated Vulnerability
Title:ComfyUI-Manager 注入漏洞 (CVE-2026-22777)
Description:ComfyUI-Manager是Dr.Lt.Data个人开发者的一款旨在增强 ComfyUI 可用性的扩展程序。 ComfyUI-Manager 3.39.2之前版本和4.0.5之前版本存在注入漏洞,该漏洞源于攻击者可以向HTTP查询参数注入特殊字符以向config.ini文件添加任意配置值,可能导致安全设置篡改或应用程序行为修改。
File Snapshot

 # ComfyUI-Manager 配置处理器 CRLF 注入漏洞 CVE-2026-22777

## 漏洞描述

ComfyUI 是一款基于节点式工作流的 Stable Diffusion 专业图

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.