Refine your search
16 vulnerabilities found for dify by langgenius
CVE-2026-34082 (GCVE-0-2026-34082)
Vulnerability from cvelistv5
Published
2026-04-20 23:03
Modified
2026-04-20 23:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: < 1.13.1 |
{
"containers": {
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c 1.13.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/\u003cappId\u003e/conversations/\u003cconversationId\u003e` has poor authorization checking and allows any Dify-authenticated user to delete someone else\u0027s chat history. Version 1.13.1 patches the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T23:03:18.158Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-fxq3-hh7x-c63p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-fxq3-hh7x-c63p"
},
{
"name": "https://github.com/langgenius/dify/releases/tag/1.13.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/releases/tag/1.13.1"
}
],
"source": {
"advisory": "GHSA-fxq3-hh7x-c63p",
"discovery": "UNKNOWN"
},
"title": "Dify has IDOR in deleting someone else\u0027s chat conversation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-34082",
"datePublished": "2026-04-20T23:03:18.158Z",
"dateReserved": "2026-03-25T16:21:40.868Z",
"dateUpdated": "2026-04-20T23:03:18.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6619 (GCVE-0-2026-6619)
Vulnerability from cvelistv5
Published
2026-04-20 08:00
Modified
2026-04-20 13:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: 1.13.0 Version: 1.13.1 Version: 1.13.2 Version: 1.13.3 cpe:2.3:a:langgenius:dify:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6619",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T13:29:23.054701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T13:29:29.634Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:langgenius:dify:*:*:*:*:*:*:*:*"
],
"modules": [
"ImagePreview"
],
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "1.13.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-g (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T08:00:17.267Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-358254 | langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/358254"
},
{
"name": "VDB-358254 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/358254/cti"
},
{
"name": "Submit #792242 | LangGenius Dify v1.13.3 Cross-Site Scripting (CWE-79)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/792242"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/chenhouser2025/a8ac169dad5cf84811cf9c0505491ea8"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-19T18:23:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6619",
"datePublished": "2026-04-20T08:00:17.267Z",
"dateReserved": "2026-04-19T16:18:42.738Z",
"dateUpdated": "2026-04-20T13:29:29.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6618 (GCVE-0-2026-6618)
Vulnerability from cvelistv5
Published
2026-04-20 07:45
Modified
2026-04-20 16:21
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery
Summary
A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: 1.13.0 Version: 1.13.1 Version: 1.13.2 Version: 1.13.3 cpe:2.3:a:langgenius:dify:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6618",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T16:20:02.754768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T16:21:30.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:langgenius:dify:*:*:*:*:*:*:*:*"
],
"modules": [
"ApiBasedToolSchemaParser"
],
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "1.13.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-g (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T07:45:16.985Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-358253 | langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/358253"
},
{
"name": "VDB-358253 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/358253/cti"
},
{
"name": "Submit #792241 | LangGenius Dify \u003c= v1.13.3 Server-Side Request Forgery (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/792241"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/chenhouser2025/d7b1c574b0e32eb9169f7046b486e662"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-19T18:23:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6618",
"datePublished": "2026-04-20T07:45:16.985Z",
"dateReserved": "2026-04-19T16:18:39.660Z",
"dateUpdated": "2026-04-20T16:21:30.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6617 (GCVE-0-2026-6617)
Vulnerability from cvelistv5
Published
2026-04-20 07:30
Modified
2026-04-20 11:12
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery
Summary
A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: 0.6.0 Version: 0.6.1 Version: 0.6.2 Version: 0.6.3 Version: 0.6.4 Version: 0.6.5 Version: 0.6.6 Version: 0.6.7 Version: 0.6.8 Version: 0.6.9 cpe:2.3:a:langgenius:dify:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6617",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-20T11:11:24.609669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T11:12:15.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:langgenius:dify:*:*:*:*:*:*:*:*"
],
"modules": [
"ApiToolManageService"
],
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "0.6.0"
},
{
"status": "affected",
"version": "0.6.1"
},
{
"status": "affected",
"version": "0.6.2"
},
{
"status": "affected",
"version": "0.6.3"
},
{
"status": "affected",
"version": "0.6.4"
},
{
"status": "affected",
"version": "0.6.5"
},
{
"status": "affected",
"version": "0.6.6"
},
{
"status": "affected",
"version": "0.6.7"
},
{
"status": "affected",
"version": "0.6.8"
},
{
"status": "affected",
"version": "0.6.9"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-g (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-20T07:30:12.357Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-358252 | langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/358252"
},
{
"name": "VDB-358252 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/358252/cti"
},
{
"name": "Submit #792231 | LangGenius Dify \u003c= 0.6.9 Server-Side Request Forgery (CWE-918)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/792231"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/chenhouser2025/306c6a7ad6aff9bc9a7fa76d5df38c63"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-19T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-19T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-19T18:23:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6617",
"datePublished": "2026-04-20T07:30:12.357Z",
"dateReserved": "2026-04-19T16:18:35.592Z",
"dateUpdated": "2026-04-20T11:12:15.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21866 (GCVE-0-2026-21866)
Vulnerability from cvelistv5
Published
2026-03-03 21:42
Modified
2026-03-04 21:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: < 1.11.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21866",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-04T21:17:56.778472Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T21:18:08.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify\u2019s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T21:43:32.391Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-qpv6-75c2-75h4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-qpv6-75c2-75h4"
},
{
"name": "https://github.com/langgenius/dify/pull/29811",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/pull/29811"
},
{
"name": "https://github.com/langgenius/dify/commit/ae17537470bba417a8971fff705dd82ecb043564",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/commit/ae17537470bba417a8971fff705dd82ecb043564"
}
],
"source": {
"advisory": "GHSA-qpv6-75c2-75h4",
"discovery": "UNKNOWN"
},
"title": "Dify - Stored XSS in chat"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-21866",
"datePublished": "2026-03-03T21:42:25.311Z",
"dateReserved": "2026-01-05T16:44:16.368Z",
"dateUpdated": "2026-03-04T21:18:08.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28288 (GCVE-0-2026-28288)
Vulnerability from cvelistv5
Published
2026-02-27 20:25
Modified
2026-02-27 20:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-204 - Observable Response Discrepancy
Summary
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: < 1.9.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28288",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-27T20:44:24.552212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:45:44.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c 1.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:25:24.599Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-9qpf-wcv3-w3qx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-9qpf-wcv3-w3qx"
},
{
"name": "https://github.com/langgenius/dify/issues/24323",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/issues/24323"
}
],
"source": {
"advisory": "GHSA-9qpf-wcv3-w3qx",
"discovery": "UNKNOWN"
},
"title": "Dify has a user enumeration issue"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28288",
"datePublished": "2026-02-27T20:25:24.599Z",
"dateReserved": "2026-02-26T01:52:58.735Z",
"dateUpdated": "2026-02-27T20:45:44.126Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26023 (GCVE-0-2026-26023)
Vulnerability from cvelistv5
Published
2026-02-11 21:23
Modified
2026-02-12 21:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is fixed in 1.13.0.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: < 1.13.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26023",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-12T21:16:28.177451Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T21:16:35.748Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c 1.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is fixed in 1.13.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:23:09.866Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-qqjx-5h5w-x5vj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-qqjx-5h5w-x5vj"
},
{
"name": "https://github.com/langgenius/dify/commit/378a1d7d08bd0ac5c75eaadc075a0f35211fcb8e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/commit/378a1d7d08bd0ac5c75eaadc075a0f35211fcb8e"
},
{
"name": "https://github.com/langgenius/dify/releases/tag/1.13.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/releases/tag/1.13.0"
}
],
"source": {
"advisory": "GHSA-qqjx-5h5w-x5vj",
"discovery": "UNKNOWN"
},
"title": "Client\u2011side DOM XSS in the web chat app of Dify when using echarts"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26023",
"datePublished": "2026-02-11T21:23:09.866Z",
"dateReserved": "2026-02-09T21:36:29.555Z",
"dateUpdated": "2026-02-12T21:16:35.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67732 (GCVE-0-2025-67732)
Vulnerability from cvelistv5
Published
2026-01-05 21:41
Modified
2026-01-06 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version 1.11.0 fixes the issue.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: < 1.11.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67732",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-06T15:39:43.895898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-06T17:39:15.184Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version 1.11.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522: Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T21:41:01.583Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-phpv-94hg-fv9g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-phpv-94hg-fv9g"
}
],
"source": {
"advisory": "GHSA-phpv-94hg-fv9g",
"discovery": "UNKNOWN"
},
"title": "Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-67732",
"datePublished": "2026-01-05T21:41:01.583Z",
"dateReserved": "2025-12-10T20:04:28.290Z",
"dateUpdated": "2026-01-06T17:39:15.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58747 (GCVE-0-2025-58747)
Vulnerability from cvelistv5
Published
2025-10-17 15:48
Modified
2025-10-17 15:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url provided by a remote MCP server is directly passed to window.open without validation or sanitization. An attacker can craft a malicious MCP server that returns a JavaScript URI (such as javascript:alert(1)) in the authorization_url field, which is then executed when the victim attempts to connect to the MCP server. This allows the attacker to execute arbitrary JavaScript in the context of the Dify application.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: <= 1.9.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58747",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T15:58:24.874703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T15:58:42.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url provided by a remote MCP server is directly passed to window.open without validation or sanitization. An attacker can craft a malicious MCP server that returns a JavaScript URI (such as javascript:alert(1)) in the authorization_url field, which is then executed when the victim attempts to connect to the MCP server. This allows the attacker to execute arbitrary JavaScript in the context of the Dify application."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T15:48:04.980Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-9jch-j9qf-vqfw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-9jch-j9qf-vqfw"
},
{
"name": "https://github.com/langgenius/dify/commit/bfda4ce7e6f39d43a4420e97e23a18edcfe3e3d3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/commit/bfda4ce7e6f39d43a4420e97e23a18edcfe3e3d3"
}
],
"source": {
"advisory": "GHSA-9jch-j9qf-vqfw",
"discovery": "UNKNOWN"
},
"title": "Dify MCP OAuth Flow Vulnerable to XSS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58747",
"datePublished": "2025-10-17T15:48:04.980Z",
"dateReserved": "2025-09-04T19:18:09.498Z",
"dateUpdated": "2025-10-17T15:58:42.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59422 (GCVE-0-2025-59422)
Vulnerability from cvelistv5
Published
2025-09-25 13:19
Modified
2025-09-25 15:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/<APP_ID>chat-messages?conversation_id=<CONVERSATION_ID>&limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query data and the filename of the admins and probably other users chats, if they know the conversation_id. This impacts the confidentiality of chats. This issue has been patched in version 1.9.0.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: = 1.8.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59422",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T15:14:35.357290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T15:14:52.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-jg5j-c9pq-w894"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "= 1.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/\u003cAPP_ID\u003echat-messages?conversation_id=\u003cCONVERSATION_ID\u003e\u0026limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query data and the filename of the admins and probably other users chats, if they know the conversation_id. This impacts the confidentiality of chats. This issue has been patched in version 1.9.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T13:19:11.385Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-jg5j-c9pq-w894",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-jg5j-c9pq-w894"
},
{
"name": "https://github.com/langgenius/dify/commit/b2d8a7eaf1693841411934e2056042845ab4f354",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/commit/b2d8a7eaf1693841411934e2056042845ab4f354"
}
],
"source": {
"advisory": "GHSA-jg5j-c9pq-w894",
"discovery": "UNKNOWN"
},
"title": "Dify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of Others"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59422",
"datePublished": "2025-09-25T13:19:11.385Z",
"dateReserved": "2025-09-15T19:13:16.904Z",
"dateUpdated": "2025-09-25T15:14:52.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49149 (GCVE-0-2025-49149)
Vulnerability from cvelistv5
Published
2025-06-17 22:34
Modified
2025-06-18 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user browses these web pages. At time of posting, there is no known patched version.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: = 1.2.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49149",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T13:38:41.334839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T13:39:29.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "= 1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user browses these web pages. At time of posting, there is no known patched version."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T22:34:24.515Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-grmh-ww4v-5cgj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-grmh-ww4v-5cgj"
}
],
"source": {
"advisory": "GHSA-grmh-ww4v-5cgj",
"discovery": "UNKNOWN"
},
"title": "Dify has XSS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-49149",
"datePublished": "2025-06-17T22:34:24.515Z",
"dateReserved": "2025-06-02T10:39:41.635Z",
"dateUpdated": "2025-06-18T13:39:29.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43854 (GCVE-0-2025-43854)
Vulnerability from cvelistv5
Published
2025-04-28 15:58
Modified
2025-04-28 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Summary
DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to unauthorized actions being performed, potentially compromising the security and privacy of users. This issue has been fixed in version 1.3.0.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: < 1.3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43854",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T18:07:28.208785Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T18:07:31.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-jhgq-cx3f-vj5p"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to unauthorized actions being performed, potentially compromising the security and privacy of users. This issue has been fixed in version 1.3.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021: Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:58:54.689Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-jhgq-cx3f-vj5p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-jhgq-cx3f-vj5p"
},
{
"name": "https://github.com/langgenius/dify/pull/18516",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/pull/18516"
}
],
"source": {
"advisory": "GHSA-jhgq-cx3f-vj5p",
"discovery": "UNKNOWN"
},
"title": "DIFY vulnerable to Clickjacking Attack"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-43854",
"datePublished": "2025-04-28T15:58:54.689Z",
"dateReserved": "2025-04-17T20:07:08.555Z",
"dateUpdated": "2025-04-28T18:07:31.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43862 (GCVE-0-2025-43862)
Vulnerability from cvelistv5
Published
2025-04-25 15:05
Modified
2025-04-25 15:54
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and changes on the APPSs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: < 0.6.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:42:41.728212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:54:38.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and changes on the APPSs. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can access Orchestration of the APPs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:05:32.172Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-6pw4-jqhv-3626",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-6pw4-jqhv-3626"
},
{
"name": "https://github.com/langgenius/dify/pull/5266",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/pull/5266"
}
],
"source": {
"advisory": "GHSA-6pw4-jqhv-3626",
"discovery": "UNKNOWN"
},
"title": "Dify Allows Unauthorized Access and Modification of APP Orchestration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-43862",
"datePublished": "2025-04-25T15:05:32.172Z",
"dateReserved": "2025-04-17T20:07:08.556Z",
"dateUpdated": "2025-04-25T15:54:38.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32796 (GCVE-0-2025-32796)
Vulnerability from cvelistv5
Published
2025-04-18 16:06
Modified
2025-04-18 16:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. This access control flaw allows non-admin users to make unauthorized changes, which can disrupt the functionality and availability of the APPS. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the API access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can send enable or disable requests for apps.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: < 0.6.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32796",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T16:36:32.427000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T16:36:51.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-hqcx-598m-pjq4"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. This access control flaw allows non-admin users to make unauthorized changes, which can disrupt the functionality and availability of the APPS. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the API access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can send enable or disable requests for apps."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T16:06:47.577Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-hqcx-598m-pjq4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-hqcx-598m-pjq4"
},
{
"name": "https://github.com/langgenius/dify/pull/5266",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/pull/5266"
}
],
"source": {
"advisory": "GHSA-hqcx-598m-pjq4",
"discovery": "UNKNOWN"
},
"title": "Dify Allows Unauthorized APP Enable/Disable via API"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32796",
"datePublished": "2025-04-18T16:06:47.577Z",
"dateReserved": "2025-04-10T12:51:12.282Z",
"dateUpdated": "2025-04-18T16:36:51.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32795 (GCVE-0-2025-32795)
Vulnerability from cvelistv5
Published
2025-04-18 16:05
Modified
2025-04-18 16:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite being restricted from viewing apps, which poses a security risk to the integrity of the application. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can modify app details.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: < 0.6.12 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32795",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T16:37:11.813498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T16:37:49.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-gg5w-m2vw-vmmj"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite being restricted from viewing apps, which poses a security risk to the integrity of the application. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can modify app details."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T16:05:11.644Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-gg5w-m2vw-vmmj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-gg5w-m2vw-vmmj"
},
{
"name": "https://github.com/langgenius/dify/pull/5266",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/pull/5266"
}
],
"source": {
"advisory": "GHSA-gg5w-m2vw-vmmj",
"discovery": "UNKNOWN"
},
"title": "Dify Allows Insecure User Role Access Control for APP Editing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32795",
"datePublished": "2025-04-18T16:05:11.644Z",
"dateReserved": "2025-04-10T12:51:12.281Z",
"dateUpdated": "2025-04-18T16:37:49.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-32790 (GCVE-0-2025-32790)
Vulnerability from cvelistv5
Published
2025-04-18 12:15
Modified
2025-04-18 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| langgenius | dify |
Version: < 0.6.13 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32790",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T12:43:20.214574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T12:43:23.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-jp6m-v4gw-5vgp"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dify",
"vendor": "langgenius",
"versions": [
{
"status": "affected",
"version": "\u003c 0.6.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in \u0027/export\u0027 should only allow administrator users to export DSL. A workaround for this vulnerability involves updating the access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can export the APP DSL. This vulnerability is fixed in 0.6.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T13:48:27.073Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/langgenius/dify/security/advisories/GHSA-jp6m-v4gw-5vgp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/langgenius/dify/security/advisories/GHSA-jp6m-v4gw-5vgp"
},
{
"name": "https://github.com/langgenius/dify/pull/5841",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/pull/5841"
},
{
"name": "https://github.com/langgenius/dify/commit/59ad091e69736bc9dc1a3bace62ec0a232346246",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/langgenius/dify/commit/59ad091e69736bc9dc1a3bace62ec0a232346246"
}
],
"source": {
"advisory": "GHSA-jp6m-v4gw-5vgp",
"discovery": "UNKNOWN"
},
"title": "Dify Allows Insecure User Role Access Control for APP DSL Exporting"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32790",
"datePublished": "2025-04-18T12:15:11.487Z",
"dateReserved": "2025-04-10T12:51:12.281Z",
"dateUpdated": "2025-04-18T13:48:27.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}