CVE-2026-6592 | ComfyUI up to 0.13.0 userdata Endpoint app/user_manager.py getuserdata cross site scripting

A vulnerability categorized as problematic has been discovered in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting.

This vulnerability is documented as CVE-2026-6592. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More