
dify — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in dify, with AI-generated Chinese analysis, references, and POCs.

Vendor: langgenius

| CVE ID | Title | CWE | CVSS | Severity | Date |
|---|---|---|---|---|---|
| CVE-2026-34082 | Dify has IDOR in deleting someone else's chat conversation | CWE-863 | 4.3 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2026-6619 | langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting | CWE-79 | 3.5 | Low | 2026-04-20 |
| CVE-2026-6618 | langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery | CWE-918 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-6617 | langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery | CWE-918 | 6.3 | Medium | 2026-04-20 |
| CVE-2026-21866 | Dify - Stored XSS in chat | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2026-28288 | Dify has a user enumeration issue | CWE-204 | 5.3 | - | 2026-02-27 |
| CVE-2026-26023 | Client-side DOM XSS in the web chat app of Dify when using echarts | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2025-67732 | Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint | CWE-200 | 5.4 | - | 2026-01-05 |
| CVE-2025-58747 | Dify MCP OAuth Flow Vulnerable to XSS | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-17 |
| CVE-2025-59422 | Dify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of Others | CWE-284 | 4.3 (AI) | Medium (AI) | 2025-09-25 |
| CVE-2025-49149 | Dify has XSS vulnerability | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-06-17 |
| CVE-2025-43854 | DIFY vulnerable to Clickjacking Attack | CWE-1021 | 6.1 (AI) | Medium (AI) | 2025-04-28 |
| CVE-2025-43862 | Dify Allows Unauthorized Access and Modification of APP Orchestration | CWE-284 | 7.6 | High | 2025-04-25 |
| CVE-2025-32796 | Dify Allows Unauthorized APP Enable/Disable via API | CWE-284 | 6.5 | Medium | 2025-04-18 |
| CVE-2025-32795 | Dify Allows Insecure User Role Access Control for APP Editing | CWE-284 | 6.5 | Medium | 2025-04-18 |
| CVE-2025-32790 | Dify Allows Insecure User Role Access Control for APP DSL Exporting | CWE-284 | 6.3 | Medium | 2025-04-18 |
