Langgenius Dify vulnerabilities
38 known vulnerabilities affecting langgenius/dify.
Total CVEs: 38
CISA KEV: 0
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 9, MEDIUM 22, LOW 2
Vulnerabilities
Page 1 of 2
CVE-2025-63387 | P1 | HIGH | CVSS 7.5 | Exploited | PoC | affects v1.9.1 | 2025-12-18
CWE-284: Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or session tokens. The endpoint fails to implement proper authorization checks, allowing anonymous access to sensitive system configuration data. NOTE: Th […]
Source: nvd
CVE-2026-41948 | P2 | CRITICAL | CVSS 9.4 | affects ≤ 1.14.1 | 2026-05-18
CWE-23: Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencoded dot sequences in task identifiers or manipulated f […]
Source: nvd
CVE-2025-56157 | P2 | CRITICAL | CVSS 9.8 | affects ≤ 1.5.1 | 2025-12-18
CWE-798: Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL (on TCP port 5432) exposed by default in version 1.0.1 or later.
Source: nvd
CVE-2025-63388 | P2 | CRITICAL | CVSS 9.1 | affects v1.9.1 | 2025-12-18
CWE-346: A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any external domain to make authenticated cross-origin re […]
Source: nvd
CVE-2026-41947 | P3 | CRITICAL | CVSS 9.1 | fixed in 1.14.2 | 2026-05-18
CWE-639: Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim appl […]
Source: nvd
CVE-2025-63386 | P3 | CRITICAL | CVSS 9.1 | affects v1.9.1 | 2025-12-18
CWE-346: A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains to make authenticated requests. NOTE: the Supplier […]
Source: nvd
CVE-2026-28288 | P3 | MEDIUM | CVSS 5.3 | PoC | fixed in 1.9.0 | 2026-02-27
CWE-204: Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue.
Source: nvd
CVE-2025-11750 | P3 | MEDIUM | CVSS 5.3 | PoC | affects v1.6.0 | 2025-10-22
CWE-544: In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system responds with a message such as "account not found." Conve […]
Source: nvd
CVE-2025-1796 | P3 | HIGH | CVSS 8.8 | affects v0.10.1 | 2025-03-20
CWE-338: A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts, by exploiting a weak pseudo-random number generator (PRNG) used for generating password reset codes. The application uses `random.randint` for this purpose, which is not suitable for cryptographic use and can be cracked. An attacker […]
Source: nvd
CVE-2026-41949 | P3 | HIGH | CVSS 7.5 | fixed in 1.14.2 | 2026-05-18
CWE-639: Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file U […]
Source: nvd
CVE-2024-12039 | P3 | HIGH | CVSS 8.1 | affects v0.10.1 | 2025-03-20
CWE-307: langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess attempts for password reset. This allows an unauthenticated attacker to reset owner, admin, or other user passwords within a few hours by guessing the six-digit code, resulting in a complete compromise of the application.
Source: nvd
CVE-2025-43862 | P3 | HIGH | CVSS 7.6 | fixed in 0.6.12 | 2025-04-25
CWE-284: Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and changes on the APPs. This issue has been patched in v […]
Source: nvd
CVE-2025-3466 | P3 | HIGH | CVSS 7.2 | affects ≥ 1.1.0, < 1.1.3 | 2025-07-07
CWE-1100: langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as parseInt, before sandbox security restrictions are imposed. This can lead to unauthorized access to s […]
Source: nvd
CVE-2024-12776 | P3 | HIGH | CVSS 8.1 | affects v0.10.1 | 2025-03-20
CWE-305: In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application.
Source: nvd
CVE-2024-10252 | P3 | HIGH | CVSS 7.2 | affects ≤ 0.9.1 | 2025-03-20
CWE-94: A vulnerability in langgenius/dify versions <=v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of the entire sandbox service and causing irreversible dam […]
Source: nvd
CVE-2026-6617 | P3 | MEDIUM | CVSS 6.3 | affects v0.6.0, v0.6.1, +8 more | 2026-04-20
CWE-918: A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side request forgery. The attack can be initiated remo […]
Source: nvd
CVE-2026-41950 | P3 | MEDIUM | CVSS 6.5 | fixed in 1.14.0 | 2026-05-05
CWE-639: Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit insufficient permission verification in the chat-messages e […]
Source: nvd
CVE-2024-12775 | P3 | MEDIUM | CVSS 6.5 | affects v0.10.1 | 2025-03-20
CWE-918: langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for the Create Custom Tool option via the REST API `POST /console/api/workspaces/current/tool-provider/api/test/pre`. Attackers can set the `url` in the `servers` dictionary in OpenAI's schema with arbitrary URL targets, allowing them […]
Source: nvd
CVE-2026-6618 | P3 | MEDIUM | CVSS 6.3 | affects v1.13.0, v1.13.1, +2 more | 2026-04-20
CWE-918: A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be launched remotely. The exploit has b […]
Source: nvd
CVE-2025-67732 | P3 | MEDIUM | CVSS 6.5 | fixed in 1.11.0 | 2026-01-05
CWE-200: Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version 1.11.0 fixes the issue.
Source: nvd