Dify
CVE-2026-34082
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionGitHub Advisory
Dify is an open-source LLM app development platform. Prior to 1.13.1, the method DELETE /console/api/installed-apps/<appId>/conversations/<conversationId> has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue.
AnalysisAI
Dify prior to version 1.13.1 allows any authenticated user to delete other users' chat histories via the DELETE /console/api/installed-apps/<appId>/conversations/<conversationId> endpoint due to insufficient authorization checks. An authenticated attacker can target any conversation ID to perform unauthorized deletion, resulting in data loss for other users. This vulnerability requires valid Dify authentication but no special privileges, affecting all vulnerable versions via network access.
Technical ContextAI
Dify is an open-source LLM application development platform that provides conversational interfaces and chat management capabilities. The vulnerability resides in the conversation deletion endpoint, which implements authentication (PR:L in CVSS vector) but fails to perform adequate authorization checks to verify that the requesting user owns or has permission to delete the targeted conversation. CWE-863 (Incorrect Authorization) indicates the root cause is missing or improper access control logic that should validate resource ownership before allowing deletion. The affected endpoint exposes conversation resources without verifying the requester's relationship to the conversation data, allowing horizontal privilege escalation where one authenticated user can manipulate another user's data.
RemediationAI
Update Dify to version 1.13.1 or later immediately, as vendor-released patches are available in the official release at https://github.com/langgenius/dify/releases/tag/1.13.1. For organizations unable to upgrade immediately, implement network-level access controls restricting the /console/api/installed-apps endpoint to authenticated and authorized users only, and consider disabling the conversation deletion feature via application configuration if not essential to your workflow. Monitor and audit conversation deletion logs for suspicious patterns (bulk deletions, cross-user deletions) to detect exploitation attempts. Note that these compensating controls provide detection and partial mitigation but do not prevent the vulnerability itself - upgrading to 1.13.1 is the definitive fix and should be prioritized.
Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 al
Path traversal in Dify versions 0 through 1.14.1 allows authenticated tenants to escape their authorized tenant path and
Cross-tenant authorization bypass in LangGenius Dify versions through 1.14.1 lets any logged-in editor reroute another t
A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts
SQL injection in Dify's MyScale vector store backend (versions before 1.16.0-rc1) lets authenticated attackers execute a
Cross-tenant document disclosure in Dify 1.14.1 and prior allows any authenticated user to read up to 3,000 characters o
langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess a
In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an
Dify is an open-source LLM app development platform. Rated high severity (CVSS 7.6), this vulnerability is remotely expl
A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log
langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5
CVE-2025-3466 is a security vulnerability (CVSS 7.2). Risk factors: public PoC available. Vendor patch is available.
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today