Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionGitHub Advisory
Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This issue has been patched in version 1.13.1.
AnalysisAI
Unauthenticated users can upload SVG files containing XSS payloads via POST /api/files/upload in Dify prior to version 1.13.1, allowing cross-site scripting attacks against application users. The authenticated endpoint POST /v1/files/upload is similarly vulnerable. This vulnerability enables attackers to execute arbitrary JavaScript in the context of victim browsers, potentially compromising user sessions or stealing sensitive data without requiring any authentication or user interaction.
Technical ContextAI
Dify is an open-source large language model (LLM) application development platform that handles file uploads through HTTP endpoints. The vulnerability stems from improper validation and sanitization of uploaded SVG files, which are XML-based vector graphics that support embedded JavaScript through event handlers and script tags. The application fails to strip or neutralize XSS payloads in SVG uploads before they are served to users. SVG files are particularly dangerous in XSS contexts because they bypass many traditional image-only file validation checks. CWE-79 (Improper Neutralization of Input During Web Page Generation) indicates the root cause is insufficient input validation and output encoding of user-supplied content in web responses.
RemediationAI
Upgrade Dify to version 1.13.1 or later, which contains the vendor-released patch. For deployments unable to immediately upgrade, implement strict Content-Security-Policy (CSP) headers with script-src 'none' and object-src 'none' to prevent inline script execution, though this may affect functionality. Additionally, configure web server restrictions to reject SVG file uploads entirely if SVG support is not required for the application, or implement server-side SVG sanitization using a library like DOMPurify (Node.js) before serving uploaded SVG files to users. Disable the POST /api/files/upload unauthenticated endpoint if possible, requiring authentication for all file uploads, which reduces but does not eliminate risk if the authenticated endpoint is similarly exploited. Monitor logs for suspicious SVG uploads containing JavaScript patterns (event handlers, script tags, data URIs).
Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 al
Path traversal in Dify versions 0 through 1.14.1 allows authenticated tenants to escape their authorized tenant path and
Cross-tenant authorization bypass in LangGenius Dify versions through 1.14.1 lets any logged-in editor reroute another t
A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts
SQL injection in Dify's MyScale vector store backend (versions before 1.16.0-rc1) lets authenticated attackers execute a
Cross-tenant document disclosure in Dify 1.14.1 and prior allows any authenticated user to read up to 3,000 characters o
langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess a
In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an
Dify is an open-source LLM app development platform. Rated high severity (CVSS 7.6), this vulnerability is remotely expl
A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log
langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5
CVE-2025-3466 is a security vulnerability (CVSS 7.2). Risk factors: public PoC available. Vendor patch is available.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27071