Known Vulnerabilities for products from Dify
Listed below are 4 of the newest known vulnerabilities associated with the vendor "Dify".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-42138 json | Not Provided | 2026-05-04 | 2026-05-04 | |
| CVE-2026-41950 json | Not Provided | 2026-05-05 | 2026-05-06 | |
| CVE-2026-41949 json | Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authen... | Not Provided | 2026-05-18 | 2026-05-26 |
| CVE-2026-41948 json | Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests f... | Not Provided | 2026-05-18 | 2026-05-26 |
| CVE-2026-41947 json | Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and e... | Not Provided | 2026-05-18 | 2026-05-26 |
| CVE-2026-34082 json | Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/ |
Not Provided | 2026-04-20 | 2026-04-23 |
| CVE-2026-6619 json | Not Provided | 2026-04-20 | 2026-04-20 | |
| CVE-2026-6618 json | Not Provided | 2026-04-20 | 2026-04-20 | |
| CVE-2026-6617 json | Not Provided | 2026-04-20 | 2026-04-20 |