Langgenius Dify vulnerabilities
38 known vulnerabilities affecting langgenius/dify.
Total CVEs: 38
CISA KEV: 0
Public exploits: 3
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 9, MEDIUM 22, LOW 2
Vulnerabilities (page 2 of 2)
Fields per entry: CVE | priority | severity | CWE | CVSS | affected / fixed versions | date | source
CVE-2025-0184 | P3 | MEDIUM | CWE-918 | CVSS 6.5 | fixed in 0.11.0 | 2025-03-20 | source: nvd
A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests' module instead of the 'ssrf_proxy', leading to an SS
CVE-2025-32795 | P3 | MEDIUM | CWE-284 | CVSS 6.5 | fixed in 0.6.12 | 2025-04-18 | source: nvd
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite being restricted from viewing apps, which poses a secu
CVE-2025-58747 | P3 | MEDIUM | CWE-79 | CVSS 6.1 | affected ≤ 1.9.1, fixed in 1.9.2 | 2025-10-17 | source: nvd
Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url provided by a remote MCP server is directly passed to w
CVE-2025-32796 | P3 | MEDIUM | CWE-284 | CVSS 6.5 | affected ≤ 0.6.8, fixed in 0.6.12 | 2025-04-18 | source: nvd
Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. This access control flaw allows non-admin users to m
CVE-2024-11824 | P3 | HIGH | CWE-79 | CVSS 7.6 | fixed in 0.12.1 | 2025-03-20 | source: nvd
A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like and are not disallowed, allowing an attacker to inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the att
CVE-2026-42138 | P4 | MEDIUM | CWE-79 | CVSS 6.1 | fixed in 1.13.1 | 2026-05-04 | source: nvd
Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This issue has been patched in version 1.13.1.
CVE-2026-26023 | P4 | MEDIUM | CWE-79 | CVSS 6.1 | fixed in 1.13.0 | 2026-02-11 | source: nvd
Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross-site scripting vulnerability has been found in the web application chat frontend when using echarts. User or LLM inputs containing echarts with a specific JavaScript payload will be executed. This vulnerability is fixed in 1.13.0.
CVE-2025-43854 | P4 | MEDIUM | CWE-1021 | CVSS 6.1 | affected ≤ 0.6.8, fixed in 1.3.0 | 2025-04-28 | source: nvd
DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to unauthorized actions being performed, potentially co
CVE-2025-3467 | P4 | MEDIUM | CWE-79 | CVSS 5.4 | fixed in 1.1.3 | 2025-07-07 | source: nvd
An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the monitoring/log function using Firefox, the XSS vulnerabil
CVE-2026-21866 | P4 | MEDIUM | CWE-79 | CVSS 5.4 | fixed in 1.11.2 | 2026-03-03 | source: nvd
Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2.
CVE-2025-49149 | P4 | MEDIUM | CWE-79 | CVSS 6.1 | affected v1.2.0 (= 1.2.0) | 2025-06-17 | source: nvd
Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting (XSS) attack when a user browses these web pages. At time of posting, there is no
CVE-2024-11850 | P4 | MEDIUM | CWE-79 | CVSS 5.4 | affected v0.9.2 | 2025-03-20 | source: nvd
A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. The vulnerability is due to improper validation and sanitization of user input in SVG markdown support within the chatbot feature. An attacker can exploit this vulnerability by injecting malicious SVG content, which can execute arbitrary JavaScript code
CVE-2024-11821 | P4 | MEDIUM | CWE-250 | CVSS 4.3 | affected v0.9.1 | 2025-03-20 | source: nvd
A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint /console/api/apps/{chatbot-id}/model-config, allowing unaut
CVE-2025-32790 | P4 | MEDIUM | CWE-284 | CVSS 4.3 | fixed in 0.6.13 | 2025-04-18 | source: nvd
Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for this vulnerability involves updating the access control
CVE-2026-34082 | P4 | MEDIUM | CWE-284 | CVSS 4.3 | fixed in 1.13.1 | 2026-04-20 | source: nvd
Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps//conversations/` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue.
CVE-2026-6619 | P4 | LOW | CWE-79 | CVSS 3.5 | affected v1.13.0, v1.13.1, +2 more | 2026-04-20 | source: nvd
A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public
CVE-2025-29720 | P4 | MEDIUM | CWE-918 | CVSS 4.8 | affected v1.0.0 | 2025-04-14 | source: nvd
Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi.
CVE-2025-59422 | P4 | LOW | CWE-284 | CVSS 3.1 | affected v1.8.1 (= 1.8.1) | 2025-09-25 | source: nvd
Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/chat-messages?conversation_id=&limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query data and the filename of the admins and probably other us