Description
Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2.
Published: 2026-03-03
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross-Site Scripting
Action: Apply Patch
AI Analysis

Impact

The vulnerability allows an attacker to embed malicious code inside a Mermaid diagram that is rendered within chat messages. When an affected message is viewed, the injected code executes in the browser of any user who opens the chat, enabling session hijacking, data theft, or further exploitation. The weakness is classified as CWE-79, indicating insufficient input validation and output encoding for user-supplied content.

Affected Systems

The flaw affects the Dify open-source LLM application, specifically versions older than 1.11.2. The attack surface is evident in the chat rendering component that accepts Mermaid diagram definitions. Users deploying Dify installations of these older releases are impacted.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, and the EPSS score is below 1 %, showing very low but nonzero exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is web-based interaction: an attacker can craft a Mermaid diagram, submit it via the chat interface, and have it stored by the system. When any user (including administrators) later views the chat, the malicious script runs within their browser context, compromising that user’s session or local environment. The impact is confined to victims’ browsers, but the stored nature can propagate the script to multiple users.

Generated by OpenCVE AI on April 18, 2026 at 10:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy Dify version 1.11.2 or later to replace all vulnerable instances.
  • If an upgrade cannot occur immediately, modify the Mermaid configuration to a stricter security level (e.g., securityLevel: strict) or disable Mermaid diagram rendering in the chat component.
  • Apply comprehensive input validation: sanitize or escape all user-supplied content before rendering and test the updated system for residual XSS risk.

Generated by OpenCVE AI on April 18, 2026 at 10:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 05 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Dify
Dify dify
CPEs cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*
Vendors & Products Dify
Dify dify
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

Wed, 04 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 04 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Langgenius
Langgenius dify
Vendors & Products Langgenius
Langgenius dify

Tue, 03 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Description Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2.
Title Dify - Stored XSS in chat
Weaknesses CWE-79
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Dify Dify
Langgenius Dify
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-04T21:18:08.260Z

Reserved: 2026-01-05T16:44:16.368Z

Link: CVE-2026-21866

cve-icon Vulnrichment

Updated: 2026-03-04T21:18:03.261Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-03T22:16:27.973

Modified: 2026-03-05T21:24:07.767

Link: CVE-2026-21866

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T10:15:25Z

Weaknesses