CNNVD-202602-1808 Information

CNNVD ID

CNNVD-202602-1808

Related CVE

CVE-2026-26023

• CNNVD Published: 2026-02-11

Description (Chinese)

dify是LangGenius开源的一个开源的 LLM 应用程序开发平台。 dify 1.13.0之前版本存在跨站脚本漏洞，该漏洞源于Web应用聊天前端使用echarts时未充分验证输入，可能导致跨站脚本攻击。

Description (English)

Diffy is an open source LLM application development platform for LangGenius open source. There is a cross-site script loophole in the pre-dify 1.1.03.0 version, which results from the use of echarts at the front end of the Web application chat without sufficient validation of the input, which may result in a cross-site script attack.

Vulnerability Type

跨站脚本

Affected Vendor

LangGenius

Published

2026-02-11

Last Modified

2026-02-24

References

https://github.com/langgenius/dify/commit/378a1d7d08bd0ac5c75eaadc075a0f35211fcb8e https://github.com/langgenius/dify/releases/tag/1.13.0 https://github.com/langgenius/dify/security/advisories/GHSA-qqjx-5h5w-x5vj

Patch

https://github.com/langgenius/dify/releases