CVE-2026-13493
AIDC-AI ComfyUI-Copilot Workflow Checkpoint Restore conversation_api.py resource injection
CVSS Score
3.1
EPSS Score
0.0%
EPSS Percentile
0th
A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The attack may be performed from remote. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
| CWE | CWE-99 |
| Vendor | aidc-ai |
| Product | comfyui-copilot |
| Published | Jun 28, 2026 |
Stay Ahead of the Next One
Get instant alerts for aidc-ai comfyui-copilot
Be the first to know when new low vulnerabilities affecting aidc-ai comfyui-copilot are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
AIDC-AI / ComfyUI-Copilot
2.0.0 2.0.1 2.0.2 2.0.3 2.0.4 2.0.5 2.0.6 2.0.7 2.0.8 2.0.9 2.0.10 2.0.11 2.0.12 2.0.13 2.0.14 2.0.15 2.0.16 2.0.17 2.0.18 2.0.19 2.0.20 2.0.21 2.0.22 2.0.23 2.0.24 2.0.25 2.0.26 2.0.27 2.0.28
References
vuldb.com: https://vuldb.com/vuln/374489 vuldb.com: https://vuldb.com/vuln/374489/cti vuldb.com: https://vuldb.com/cve/CVE-2026-13493 vuldb.com: https://vuldb.com/submit/838497 github.com: https://github.com/AIDC-AI/ComfyUI-Copilot/issues/149 github.com: https://github.com/AIDC-AI/ComfyUI-Copilot/pull/150 github.com: https://github.com/AIDC-AI/ComfyUI-Copilot/
Credits
๐ dem0000 (VulDB User) VulDB CNA Team