Comfyui
Self-Hosted and Unprotected: The AI Workflow Tool Security Crisis
Langflow, Flowise, n8n, ComfyUI — every major self-hosted AI workflow tool has shipped unauthenticated RCE vulnerabilities in 2026. This isn't a coincidence. It's a structural failure baked into how these tools were designed.
Over 1,000 Exposed ComfyUI Instances Hijacked for Cryptomining and Proxy Botnet
Active campaign targets unauthenticated ComfyUI deployments across cloud providers, enlisting them into Monero mining and a Hysteria V2 proxy botnet via malicious custom nodes.