CVE-2024-10481

6.5 MEDIUM

📋 TL;DR

A Cross-Site Request Forgery (CSRF) vulnerability in ComfyUI versions up to v0.2.2 allows attackers to create malicious websites that, when visited by authenticated users, can perform unauthorized API requests on their behalf. This enables actions like arbitrary file uploads and prompt/history manipulation. All users running vulnerable ComfyUI instances with web access are affected.

💻 Affected Systems

Products:
  • comfyanonymous/comfyui
Versions: All versions up to and including v0.2.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects instances with web interface accessible and users who authenticate to the ComfyUI interface.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could upload malicious files leading to remote code execution, manipulate AI workflows to produce harmful outputs, steal sensitive data, or combine with stored-XSS to hijack user sessions completely.

🟠

Likely Case

Attackers upload malicious files or manipulate AI prompts/history without user consent, potentially leading to data corruption, unauthorized system access, or denial of service.

🟢

If Mitigated

With proper CSRF protections, only authenticated users can perform API actions, preventing unauthorized requests from external sites.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to be authenticated to ComfyUI and visit a malicious website. The vulnerability is well-documented with proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after v0.2.2

Vendor Advisory: https://huntr.com/bounties/f4d5bfb5-6ff1-4356-b81f-f8c01d2e6ded

Restart Required: Yes

Instructions:

1. Update ComfyUI to the latest version (after v0.2.2).
2. Restart the ComfyUI service.
3. Verify CSRF protections are enabled on all API endpoints.

🔧 Temporary Workarounds

Implement CSRF Tokens Manually (all platforms)

Add CSRF token validation to all API endpoints if you cannot update immediately.

Modify API endpoints to require and validate CSRF tokens in requests

Restrict API Access (all platforms)

Configure web server to restrict API endpoints to specific IP ranges or require additional authentication.

Configure nginx/apache rules to restrict /upload, /prompt, /history endpoints

🧯 If You Can't Patch

  • Isolate ComfyUI instance behind VPN or internal network only
  • Implement strict SameSite cookie policies and CORS restrictions
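The token workaround above and the SameSite/CORS advice in this list both come down to one server-side gate in front of the state-changing routes. The following is an added example of such a gate, written here for illustration and not taken from ComfyUI's code base. It is framework-agnostic (no aiohttp dependency) and assumes the server can pass each request's method, headers and cookies to `check_request()` before dispatching `/upload/image`, `/prompt` or `/history`; the cookie name `comfy_csrf`, the header name `X-CSRF-Token` and the origin `http://127.0.0.1:8188` are assumptions for the demo.

```python
"""Framework-agnostic CSRF guard for a ComfyUI-style JSON/upload API.

Added example, not ComfyUI's own code. Two independent checks are applied
to every state-changing request:

  1. Origin (or, as a fallback, Referer) must be one of the server's own
     origins. A cross-site form or fetch() carries the attacking page's
     origin, which the browser sets and page scripts cannot rewrite.
  2. Double-submit token: a random token issued in a SameSite=Strict cookie
     must be echoed back in the X-CSRF-Token header. A page on another
     site cannot read that cookie, so it cannot produce the header.
"""
import hmac
import secrets
from typing import Dict, Optional, Set, Tuple
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
CSRF_COOKIE = "comfy_csrf"       # assumed cookie name
CSRF_HEADER = "X-CSRF-Token"     # assumed header name


def issue_token() -> str:
    """Fresh unpredictable token; the server sets it as a cookie on first visit."""
    return secrets.token_urlsafe(32)


def set_cookie_header(token: str, secure: bool = True) -> str:
    """Value for the Set-Cookie header that carries the CSRF token.

    SameSite=Strict means the browser never attaches it to cross-site
    requests at all; the cookie is deliberately not HttpOnly, because the
    same-origin front-end script reads it to fill the X-CSRF-Token header.
    """
    attrs = [f"{CSRF_COOKIE}={token}", "Path=/", "SameSite=Strict"]
    if secure:
        attrs.append("Secure")
    return "; ".join(attrs)


def _origin_of(headers: Dict[str, str]) -> Optional[str]:
    """Return scheme://host[:port] from Origin, falling back to Referer."""
    lowered = {k.lower(): v for k, v in headers.items()}
    origin = lowered.get("origin")
    if origin:
        return origin.rstrip("/").lower()
    referer = lowered.get("referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}".lower()
    return None


def check_request(method: str, headers: Dict[str, str], cookies: Dict[str, str],
                  allowed_origins: Set[str]) -> Tuple[bool, str]:
    """Decide whether a request may reach a state-changing endpoint.

    Returns (allowed, reason). Safe methods pass untouched; everything else
    must carry a matching Origin/Referer AND a valid double-submit token.
    """
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"

    origin = _origin_of(headers)
    if origin is None:
        return False, "missing Origin/Referer"
    if origin not in {o.lower() for o in allowed_origins}:
        # Also catches the literal "null" origin sent by sandboxed/opaque pages.
        return False, f"cross-site origin {origin}"

    cookie_tok = cookies.get(CSRF_COOKIE, "")
    header_tok = next((v for k, v in headers.items()
                       if k.lower() == CSRF_HEADER.lower()), "")
    if not cookie_tok or not header_tok:
        return False, "missing CSRF token"
    if not hmac.compare_digest(cookie_tok, header_tok):  # constant-time compare
        return False, "CSRF token mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed demo requests against an assumed local instance.
    own = {"http://127.0.0.1:8188"}
    tok = issue_token()
    print(set_cookie_header(tok, secure=False))
    legit = {"Origin": "http://127.0.0.1:8188", CSRF_HEADER: tok}
    forged = {"Origin": "http://attacker.example"}        # browser-set, no token
    print("same-origin UI call:", check_request("POST", legit, {CSRF_COOKIE: tok}, own))
    print("cross-site page:    ", check_request("POST", forged, {CSRF_COOKIE: tok}, own))
```

Either check alone would stop the cross-site case in the advisory; keeping both means a Referrer-Policy that strips the header, or a proxy that drops Origin, degrades to a token failure rather than an open door. Non-browser clients (scripts, curl) need to send the cookie and header pair explicitly, which is the expected cost of the workaround.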

🔍 How to Verify

Check if Vulnerable:

Check if your ComfyUI version is ≤ v0.2.2 and test if API endpoints accept requests without CSRF tokens when authenticated.

Check Version:

Check ComfyUI version in web interface or package manager

Verify Fix Applied:

After updating, test that API endpoints now require CSRF tokens and reject requests without proper validation.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed API requests without CSRF tokens
  • Unexpected file uploads via /upload/image endpoint
  • API requests from unexpected referrers

Network Indicators:

  • HTTP POST requests to /upload/image, /prompt, /history endpoints from external domains
  • Requests lacking CSRF token headers

SIEM Query:

source="comfyui" AND (uri_path="/upload/image" OR uri_path="/prompt" OR uri_path="/history") AND http_referer NOT CONTAINS "your-domain.com"
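The log and network indicators above (POSTs to the three endpoints with a foreign or missing Referer) can be triaged offline before a SIEM rule exists. The script below is an added example, not ComfyUI's own tooling: it assumes a reverse proxy in front of ComfyUI writes Combined Log Format with the Referer field, and that the instance is only ever served from the hosts in `TRUSTED_HOSTS` (the host names, IPs and log lines are all constructed for the demo).

```python
"""Flag cross-site POSTs to ComfyUI's state-changing endpoints in access logs.

Added example. Assumes Combined Log Format (client, ident, user, [time],
"request", status, bytes, "referer", "user-agent") and an allow-list of the
hosts the UI is legitimately served from. A POST to a watched path whose
Referer is absent or points at another host is reported.
"""
import re
from collections import Counter
from typing import Dict, List, Optional
from urllib.parse import urlsplit

WATCHED_PATHS = ("/upload/image", "/prompt", "/history")
TRUSTED_HOSTS = {"comfy.internal.example", "127.0.0.1:8188"}  # assumed

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample: a normal UI session, two POSTs referred from another
# site, a POST with no Referer, and an external Referer on an unwatched path.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2024:10:01:02 +0000] "POST /prompt HTTP/1.1" 200 512 "http://comfy.internal.example/" "Mozilla/5.0"
10.0.0.5 - - [12/Oct/2024:10:01:05 +0000] "GET /history HTTP/1.1" 200 2048 "http://comfy.internal.example/" "Mozilla/5.0"
10.0.0.9 - - [12/Oct/2024:10:03:44 +0000] "POST /upload/image HTTP/1.1" 200 77 "http://attacker.example/page.html" "Mozilla/5.0"
10.0.0.9 - - [12/Oct/2024:10:03:45 +0000] "POST /prompt HTTP/1.1" 200 512 "http://attacker.example/page.html" "Mozilla/5.0"
10.0.0.7 - - [12/Oct/2024:10:05:00 +0000] "POST /history HTTP/1.1" 200 10 "-" "curl/8.4.0"
10.0.0.5 - - [12/Oct/2024:10:06:12 +0000] "POST /view HTTP/1.1" 404 0 "http://attacker.example/" "Mozilla/5.0"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one access-log line into named fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def referer_host(referer: str) -> Optional[str]:
    """Host[:port] of the Referer URL; None when the field is empty or '-'."""
    if not referer or referer == "-":
        return None
    return urlsplit(referer).netloc.lower() or None


def is_watched(path: str) -> bool:
    """True for the three endpoints named in the advisory (query string ignored)."""
    base = path.split("?", 1)[0]
    return any(base == p or base.startswith(p + "/") for p in WATCHED_PATHS)


def find_suspect_requests(log_text: str, trusted_hosts=TRUSTED_HOSTS) -> List[Dict[str, str]]:
    """Return one finding per POST to a watched path with a missing or foreign Referer."""
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or not is_watched(rec["path"]):
            continue
        host = referer_host(rec["referer"])
        if host is None:
            reason = "no Referer (non-browser client or stripped header)"
        elif host not in trusted:
            reason = f"Referer host {host} is not a trusted origin"
        else:
            continue
        findings.append({"client": rec["client"], "time": rec["time"],
                         "path": rec["path"], "status": rec["status"], "reason": reason})
    return findings


def count_by_client(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Suspect requests per client address, to surface bursts from one victim browser."""
    return dict(Counter(f["client"] for f in findings))


if __name__ == "__main__":
    hits = find_suspect_requests(SAMPLE_LOG)
    for h in hits:
        print(f'{h["time"]} {h["client"]} POST {h["path"]} {h["status"]} :: {h["reason"]}')
    print("per client:", count_by_client(hits))
```

Treat the no-Referer bucket as triage, not proof: legitimate API clients such as curl land there too, and a browser Referrer-Policy can strip the header. A foreign Referer host on a successful (2xx) POST to `/upload/image` or `/prompt` is the stronger signal and is what the SIEM query above is approximating.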
