ComfyUI's security scope is limited to localhost by design — --listen exposes the server to the network at user's risk
ComfyUI binds to 127.0.0.1 by default, making it accessible only from the user’s own machine. The threat model assumes anyone with access to the ComfyUI URL is trusted. Using —listen to expose the server on 0.0.0.0 or a public IP shifts security responsibility to the user (firewall, reverse proxy, authentication). Issues that require —listen to be exploited are not considered ComfyUI vulnerabilities — they are deployment misconfigurations. The real security surface is: a workflow file that a reasonable user might load, using only built-in nodes, that achieves arbitrary code execution or file read/write outside expected directories.
Examples
Putting ComfyUI behind an Nginx reverse proxy with basic auth before exposing it on LAN for remote use is the user’s responsibility, not a ComfyUI feature.
Assessment
A security researcher reports that visiting a malicious website can send requests to your ComfyUI instance. Under what condition is this a ComfyUI vulnerability vs. a user misconfiguration?