Skip to main content

Dify CVE-2026-42138

| EUVDEUVD-2026-27071 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-05-04 GitHub_M
6.9
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
May 04, 2026 - 20:30 vuln.today
Patch available
May 04, 2026 - 19:17 EUVD
CVSS changed
May 04, 2026 - 18:22 NVD
6.9 (MEDIUM)
CVE Published
May 04, 2026 - 17:34 nvd
MEDIUM 6.9

DescriptionGitHub Advisory

Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This issue has been patched in version 1.13.1.

AnalysisAI

Unauthenticated users can upload SVG files containing XSS payloads via POST /api/files/upload in Dify prior to version 1.13.1, allowing cross-site scripting attacks against application users. The authenticated endpoint POST /v1/files/upload is similarly vulnerable. This vulnerability enables attackers to execute arbitrary JavaScript in the context of victim browsers, potentially compromising user sessions or stealing sensitive data without requiring any authentication or user interaction.

Technical ContextAI

Dify is an open-source large language model (LLM) application development platform that handles file uploads through HTTP endpoints. The vulnerability stems from improper validation and sanitization of uploaded SVG files, which are XML-based vector graphics that support embedded JavaScript through event handlers and script tags. The application fails to strip or neutralize XSS payloads in SVG uploads before they are served to users. SVG files are particularly dangerous in XSS contexts because they bypass many traditional image-only file validation checks. CWE-79 (Improper Neutralization of Input During Web Page Generation) indicates the root cause is insufficient input validation and output encoding of user-supplied content in web responses.

RemediationAI

Upgrade Dify to version 1.13.1 or later, which contains the vendor-released patch. For deployments unable to immediately upgrade, implement strict Content-Security-Policy (CSP) headers with script-src 'none' and object-src 'none' to prevent inline script execution, though this may affect functionality. Additionally, configure web server restrictions to reject SVG file uploads entirely if SVG support is not required for the application, or implement server-side SVG sanitization using a library like DOMPurify (Node.js) before serving uploaded SVG files to users. Disable the POST /api/files/upload unauthenticated endpoint if possible, requiring authentication for all file uploads, which reduces but does not eliminate risk if the authenticated endpoint is similarly exploited. Monitor logs for suspicious SVG uploads containing JavaScript patterns (event handlers, script tags, data URIs).

More in Dify

View all
CVE-2025-56157 CRITICAL POC
9.8 Dec 18

Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 al

CVE-2026-41948 CRITICAL POC
9.3 May 18

Path traversal in Dify versions 0 through 1.14.1 allows authenticated tenants to escape their authorized tenant path and

CVE-2026-41947 CRITICAL POC
9.3 May 18

Cross-tenant authorization bypass in LangGenius Dify versions through 1.14.1 lets any logged-in editor reroute another t

CVE-2025-1796 HIGH POC
8.8 Mar 20

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts

CVE-2026-61461 HIGH POC
8.7 Jul 10

SQL injection in Dify's MyScale vector store backend (versions before 1.16.0-rc1) lets authenticated attackers execute a

CVE-2026-41949 HIGH POC
8.2 May 18

Cross-tenant document disclosure in Dify 1.14.1 and prior allows any authenticated user to read up to 3,000 characters o

CVE-2024-12039 HIGH POC
8.1 Mar 20

langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess a

CVE-2024-12776 HIGH POC
8.1 Mar 20

In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an

CVE-2025-43862 HIGH POC
7.6 Apr 25

Dify is an open-source LLM app development platform. Rated high severity (CVSS 7.6), this vulnerability is remotely expl

CVE-2024-11824 HIGH POC
7.6 Mar 20

A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log

CVE-2024-11822 HIGH POC
7.5 Mar 20

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5

CVE-2025-3466 HIGH POC
7.2 Jul 07

CVE-2025-3466 is a security vulnerability (CVSS 7.2). Risk factors: public PoC available. Vendor patch is available.

Share

CVE-2026-42138 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy