CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Dify: >> Dify >> 1.11.1 Security Vulnerabilities

CVE-2026-21866

Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2.

CVSS Score

5.1

EPSS Score

0.0

Published

2026-03-03

CVE-2026-26023

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is fixed in 1.13.0.

CVSS Score

5.3

EPSS Score

0.0

Published

2026-02-11

Page 1

Vulnerabilities

Vulnerable Software

Dify: >> Dify >> 1.11.1 Security Vulnerabilities

Products

Pricing

Contact Us