CNNVD-202601-816 Information

CNNVD ID

CNNVD-202601-816

CVE-2025-67732

  • CNNVD Published: 2026-01-05

Description (Chinese)

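Dify is an open-source LLM application development platform from LangGenius. Versions of Dify before 1.11.0 contain a security vulnerability caused by API keys being exposed to the frontend in plaintext, which may lead to unauthorized access to third-party services.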

Description (English)

Dify is an open-source LLM application development platform developed by LangGenius. Dify versions before 1.11.0 have a security vulnerability in which API keys are exposed in plaintext to the frontend, which could lead to unauthorized access to third-party services.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

LangGenius

Published

2026-01-05

Last Modified

2026-02-24

References

https://github.com/langgenius/dify/security/advisories/GHSA-phpv-94hg-fv9g

Patch

https://github.com/langgenius/dify/releases
