CVE-2026-13493

Summary

A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The attack may be performed from remote. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

Affected Software

VendorProductVersion RangeStatus
AIDC-AIComfyUI-Copilot2.0.0affected
AIDC-AIComfyUI-Copilot2.0.1affected
AIDC-AIComfyUI-Copilot2.0.2affected
AIDC-AIComfyUI-Copilot2.0.3affected
AIDC-AIComfyUI-Copilot2.0.4affected
AIDC-AIComfyUI-Copilot2.0.5affected
AIDC-AIComfyUI-Copilot2.0.6affected
AIDC-AIComfyUI-Copilot2.0.7affected
AIDC-AIComfyUI-Copilot2.0.8affected
AIDC-AIComfyUI-Copilot2.0.9affected
AIDC-AIComfyUI-Copilot2.0.10affected
AIDC-AIComfyUI-Copilot2.0.11affected
AIDC-AIComfyUI-Copilot2.0.12affected
AIDC-AIComfyUI-Copilot2.0.13affected
AIDC-AIComfyUI-Copilot2.0.14affected
AIDC-AIComfyUI-Copilot2.0.15affected
AIDC-AIComfyUI-Copilot2.0.16affected
AIDC-AIComfyUI-Copilot2.0.17affected
AIDC-AIComfyUI-Copilot2.0.18affected
AIDC-AIComfyUI-Copilot2.0.19affected
AIDC-AIComfyUI-Copilot2.0.20affected
AIDC-AIComfyUI-Copilot2.0.21affected
AIDC-AIComfyUI-Copilot2.0.22affected
AIDC-AIComfyUI-Copilot2.0.23affected
AIDC-AIComfyUI-Copilot2.0.24affected
AIDC-AIComfyUI-Copilot2.0.25affected
AIDC-AIComfyUI-Copilot2.0.26affected
AIDC-AIComfyUI-Copilot2.0.27affected
AIDC-AIComfyUI-Copilot2.0.28affected

Weaknesses

  • CWE-99: Improper Control of Resource Identifiers

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References