Core Viewpoint - ComfyUI, an AI drawing tool designed for image generation tasks, has been found to have multiple high-risk vulnerabilities that could be exploited by attackers to execute remote code and gain server access, leading to potential data theft [1] Vulnerabilities - The vulnerabilities identified include arbitrary file reading and remote code execution, specifically CVE-2024-10099, CVE-2024-21574, CVE-2024-21575, CVE-2024-21576, and CVE-2024-21577 [1] - Attackers can leverage these vulnerabilities to perform remote code execution attacks, which could allow them to obtain server permissions and subsequently steal system data [1] Cybersecurity Threats - Foreign hacker organizations have already exploited the vulnerabilities in ComfyUI to conduct cyberattacks on domestic network assets, aiming to steal important sensitive data [1]
国家网络安全通报中心:ComfyUI存在多个高危漏洞
news flash·2025-05-27 02:37