CVE-2026-13493
Last modified
CVE-2026-13493 is a low-severity vulnerability rated 3.1/10 on the CVSS scale. A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Restore Handler. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Restore Handler. Executing a manipulation can lead to improper control of resource identifiers. The attack may be performed from remote. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| AIDC-AI | ComfyUI-Copilot | 2.0.0; 2.0.1; 2.0.2; 2.0.3; 2.0.4; 2.0.5; 2.0.6; 2.0.7; 2.0.8; 2.0.9; 2.0.10; 2.0.11; 2.0.12; 2.0.13; 2.0.14; 2.0.15; 2.0.16; 2.0.17; 2.0.18; 2.0.19; 2.0.20; 2.0.21; 2.0.22; 2.0.23; 2.0.24; 2.0.25; 2.0.26; 2.0.27; 2.0.28 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-13493?
How severe is CVE-2026-13493?
How do I fix CVE-2026-13493?
Related CVEs from 2026
- CVE-2026-13487A vulnerability was identified in SourceCodester Class and E…7.3
- CVE-2026-13488A security flaw has been discovered in SourceCodester Class …7.3
- CVE-2026-13489A weakness has been identified in 78 xiaozhi-esp32 up to 2.2…3.1
- CVE-2026-13490A security vulnerability has been detected in glpi-project g…6.3
- CVE-2026-13491A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6…3.7
- CVE-2026-13492The UsersWP plugin for WordPress is vulnerable to Arbitrary …8.8
- CVE-2026-13495A vulnerability has been found in itsourcecode Hospital Mana…4.7
- CVE-2026-13496A vulnerability was found in itsourcecode Hospital Managemen…6.3
- CVE-2026-13497A vulnerability was determined in itsourcecode Hospital Mana…6.3
- CVE-2026-13498A vulnerability was identified in yashpokharna2555 restauren…7.3
- CVE-2026-13499A security flaw has been discovered in yashpokharna2555 rest…4.3
- CVE-2026-13500A weakness has been identified in antlr ANTLR4 up to 4.13.2.…7.3
Are you affected by CVE-2026-13493?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
