REPRO-2026-00052 HIGH Verified

ComfyUI-Manager: Configuration File Exposure via Web-Accessible Path

ComfyUI-Manager (pip) Jan 8, 2026

Open in Codespaces Download Script

Confidence HIGH

Reproduced in 11m 32s

Tool calls 57

Affected < 3.38

Fixed in 3.38

What's the vulnerability?

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface

Root Cause Analysis

One Command

Verify with pruva-verify

Run the Pruva CLI to automatically fetch and execute the reproduction script.

pruva-verify REPRO-2026-00052

or pruva-verify GHSA-2hc9-cc65-xwj8

or pruva-verify CVE-2025-67303

Install: curl -fsSL https://pruva.dev/install.sh | sh

Or Run Manually

1

Download the script

curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00052/artifacts/bundle/repro/reproduction_steps.sh

2

Make executable

chmod +x reproduction_steps.sh

3

Run the script

./reproduction_steps.sh

Run in a VM, container, or disposable environment. This exploits a real vulnerability.

How Pruva Reproduced This

Watch the AI agent's step-by-step process.

Loading session...

Artifacts

bundle/reproduction_steps.sh0.2 KB

bundle/repro/rca_report.md2.4 KB

bundle/repro/reproduction_steps.sh6.2 KB

bundle/ticket.md0.9 KB

bundle/repro/logs/protected_config_current.ini0.0 KB

bundle/repro/logs/server.log0.3 KB

bundle/repro/logs/step3_get_after.txt0.0 KB

bundle/repro/logs/step1_get_before.txt0.0 KB

bundle/repro/logs/step2_post_response.json0.0 KB

bundle/repro/logs/step4_get_protected.txt0.0 KB

bundle/repro/logs/legacy_config_current.ini0.0 KB