CVE-2026-6590 | ComfyUI up to 0.13.0 Model Preview Endpoint app/model_manager.py get_model_preview path traversal

A vulnerability was found in ComfyUI up to 0.13.0. It has been declared as critical. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in path traversal.

This vulnerability is cataloged as CVE-2026-6590. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More