What happened
AIDC-AI ComfyUI-Copilot up to version 2.0.28 contains an improper control of resource identifiers (CWE-99) in the Workflow Checkpoint Restore Handler within backend/controller/conversation_api.py. An attacker can manipulate resource identifiers to gain unauthorized access to or exposure of workflow checkpoint data. Exploitable remotely; CVSS 3.1 score is Low (3.1).
Why it matters
ComfyUI-Copilot is an AI assistant plugin for ComfyUI, a widely used visual workflow tool for Stable Diffusion and other generative AI pipelines. Unauthorized access to workflow checkpoints could expose model configurations, intermediate generation artifacts, and user workflow state. The remote exploitability with no authentication requirement noted in the description warrants tracking even at low severity.
Attack vector
Remote attacker manipulates resource identifier parameters in the Workflow Checkpoint Restore Handler API endpoint to access or expose checkpoint data belonging to other users or sessions
Affected systems
AIDC-AI ComfyUI-Copilot ≤ 2.0.28
Mitigation
Upgrade ComfyUI-Copilot beyond 2.0.28 when a patched release is available. Monitor the repository: https://github.com/AIDC-AI/ComfyUI-Copilot