Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/comfy-cli@1.1.2
purl pkg:pypi/comfy-cli@1.1.2
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-cuuh-yk7d-ufc4
Aliases:
CVE-2026-22777
GHSA-562r-8445-54r2
ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler **Vulnerability Type**: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the `config.ini` file. This can lead to security setting tampering or modification of application behavior. **Affected Users**: Users running ComfyUI-Manager in environments where ComfyUI is configured with the `--listen` option to allow remote access. **CVSS Score**: 7.5 (High)
3.39.2
Affected by 0 other vulnerabilities.
4.0.5
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T06:37:38.804086+00:00 GitLab Importer Affected by VCID-cuuh-yk7d-ufc4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/comfy-cli/CVE-2026-22777.yml 38.6.0