CVE-2026-6589 | ComfyUI up to 0.13.0 server.py create_origin_only_middleware cross-site request forgery

A vulnerability was found in ComfyUI up to 0.13.0. It has been classified as problematic. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery.

This vulnerability is listed as CVE-2026-6589. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More