CVE-2026-6589 - ComfyUI server.py create_origin_only_middleware cross-site request forgery
CVE ID :CVE-2026-6589 Published : April 20, 2026, 1:16 a.m. | 1 hour, 26 minutes ago Description :A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forg
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Navy tells sailors to ‘beware’ of dating apps, button-up social media amid Iran conflict
- [CYBER] Project Glasswing and the Next Challenge for Defenders: Turning Faster Discovery into Faster Action
- [CYBER] How to Prevent Email Leaks When Sharing Collaborative Docs Publicly
- [CYBER] Türkiye to boost virtual patrols, strengthen cyber law enforcement
- [CYBER] CVE-2026-25883 - Vexa Webhook Feature has a SSRF Vulnerability
- [CYBER] CVE-2026-25058 - Vexa's unauthenticated internal transcript endpoint exposed by default