CVE-2026-22777

Severity: High
Published: 10 January 2026
Modified: 05 February 2026
KEV Added: not listed
Patch: available
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0031 (22.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-22777 is a high-severity CRLF Injection (CWE-93) vulnerability in Comfy Comfyui-Manager. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 22.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised under LLM Application Platforms, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-22777 is a vulnerability in ComfyUI-Manager, an extension designed to enhance the usability of ComfyUI, affecting versions prior to 3.39.2 and 4.0.5. It enables an attacker to inject special characters into HTTP query parameters, allowing the addition of arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. The issue, published on 2026-01-10, is associated with CWE-93 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), emphasizing high integrity impact.

The vulnerability can be exploited by any remote attacker with network access, requiring low attack complexity, no privileges, and no user interaction. Successful exploitation allows modification of the config.ini file, enabling tampering with security settings or altering application behavior to the attacker's advantage, without impacting confidentiality or availability.

Mitigation is available through patching: upgrade to ComfyUI-Manager versions 3.39.2 or 4.0.5. Detailed advisory information and the patching commit are provided in the GitHub security advisory (https://github.com/Comfy-Org/ComfyUI-Manager/security/advisories/GHSA-562r-8445-54r2) and commit (https://github.com/Comfy-Org/ComfyUI-Manager/commit/f4fa394e0f03b013f1068c96cff168ad10bd0410).
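As an added illustration of the weakness class and of the SI-10 input-validation control named above (this is not ComfyUI-Manager's code; the endpoint shape, the `key`/`value` parameters, the key names and the `[default]` section are all assumed), the snippet below contrasts a writer that concatenates a query parameter straight into an INI file with one that allow-lists the key and rejects control and delimiter characters, then parses the result back to show which keys the file ends up containing.

```python
import configparser
import re
from urllib.parse import parse_qs

# Hypothetical settings endpoint, NOT ComfyUI-Manager's code: the key names,
# the query-string shape and the [default] section are assumed for illustration.
ALLOWED_KEYS = {"preview_method", "git_exe"}       # assumed allow-list of settable keys
SAFE_VALUE = re.compile(r"[A-Za-z0-9_./:\-]*")     # excludes CR, LF, '=', '[', ';', '#'

def naive_write(existing: str, key: str, value: str) -> str:
    """Vulnerable pattern (CWE-93): the request value is concatenated straight
    into the file, so a CR/LF inside it starts a new line, i.e. a new key."""
    return existing + f"{key} = {value}\n"

def hardened_write(existing: str, key: str, value: str) -> str:
    """Hardened pattern: allow-list the key and reject any value containing
    characters that are meaningful to the INI parser (SI-10 input validation)."""
    if key not in ALLOWED_KEYS:
        raise ValueError(f"unknown config key: {key!r}")
    if SAFE_VALUE.fullmatch(value) is None:
        raise ValueError("config value contains disallowed characters")
    return existing + f"{key} = {value}\n"

def handle_request(query_string: str, writer) -> str:
    """Simulate a handler that takes ?key=...&value=... and returns the config text."""
    params = parse_qs(query_string, keep_blank_values=True)
    key = params.get("key", [""])[0]
    value = params.get("value", [""])[0]
    return writer("[default]\n", key, value)

def parse_keys(ini_text: str) -> dict:
    """Parse the written text back the way the application would and return
    the options now present in [default]; an unexpected key reveals an injection."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    return dict(cp["default"])

def rejected(query_string: str) -> bool:
    """True if the hardened writer refuses the request (usable as an alert condition)."""
    try:
        handle_request(query_string, hardened_write)
    except ValueError:
        return True
    return False
```

With the constructed request `key=preview_method&value=auto%0Aextra_key%3D1`, `parse_keys(handle_request(..., naive_write))` reports two keys where one was set, while `rejected(...)` on the same string returns True and on `key=preview_method&value=auto` returns False.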

Vulnerability details

ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5.

CWE(s)

CWE-93 (CRLF Injection)

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: comfyui

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1685 Disable or Modify Tools (Defense Impairment): Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Remote HTTP parameter injection into public-facing ComfyUI-Manager directly enables T1190 exploitation; resulting arbitrary config.ini modification tampers with security settings, mapping to T1562.001.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-67303 (same product: Comfy Comfyui-Manager)
CVE-2026-21428 (shared CWE-93)
CVE-2026-39394 (shared CWE-93)
CVE-2026-41230 (shared CWE-93)
CVE-2025-28357 (shared CWE-93)
CVE-2026-39983 (shared CWE-93)
CVE-2026-32993 (shared CWE-93)
CVE-2026-5140 (shared CWE-93)
CVE-2026-1714 (shared CWE-93)
CVE-2026-6351 (shared CWE-93)

Affected Assets

Vendor: comfy
Product: comfyui-manager
Versions: ≤ 3.39.2 · 4.0.3 through 4.0.5

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-10 Information Input Validation): Directly blocks injection of special characters via HTTP query parameters before they can write arbitrary values into config.ini.

Prevent (AC-3 Access Enforcement): Enforces access-control decisions on configuration-modifying requests so unauthenticated attackers cannot tamper with security settings.

Prevent: Restricts which principals or paths are allowed to alter configuration files, limiting the impact of any successful injection into config.ini.