CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Dify: >> Dify >> 1.11.1 Security Vulnerabilities

CVE-2026-26023

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is fixed in 1.13.0.

CVSS Score

6.1

EPSS Score

0.0

Published

2026-02-11

Page 1

Vulnerabilities

Vulnerable Software

Dify: >> Dify >> 1.11.1 Security Vulnerabilities

Products

Pricing

Contact Us