Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-22777 PoC — ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler

Source
https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/ComfyUI-Manager%20%E9%85%8D%E7%BD%AE%E5%A4%84%E7%90%86%E5%99%A8%20CRLF%20%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2026-22777.md
Associated Vulnerability
Title:ComfyUI-Manager is Vulnerable to CRLF Injection in Configuration Handler (CVE-2026-22777)
Description:ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting tampering or modification of application behavior. This issue has been patched in versions 3.39.2 and 4.0.5.
File Snapshot

 # ComfyUI-Manager 配置处理器 CRLF 注入漏洞 CVE-2026-22777

## 漏洞描述

ComfyUI 是一款基于节点式工作流的 Stable Diffusion 专业图

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →