Description
Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This issue has been patched in version 1.13.1.
Published: 2026-05-04
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to upload an SVG file containing embedded script, which the server stores without sanitization. When a user opens or views the uploaded SVG, the script executes in that user's browser session, so the attacker can run arbitrary JavaScript in the context of the hosting web application. This can lead to theft of session cookies, defacement, credential theft, or redirection to phishing sites, because the injected code runs with the same privileges as the victim's session. The weakness is classified as CWE-79 (improper neutralization of input during web page generation, i.e. cross-site scripting).

Affected Systems

All installations of the langgenius Dify platform running versions earlier than 1.13.1 are affected. Both the publicly accessible file upload endpoint POST /api/files/upload and the authenticated API endpoint POST /v1/files/upload are vulnerable, so guests and authenticated users alike can upload malicious SVGs that are later stored and served back to users.

Risk and Exploitability

With a CVSS score of 6.9, the flaw is rated Medium severity. No EPSS score is available and the issue is not listed in the CISA KEV catalog. The likely attack vector is an unauthenticated or authenticated web or API request over the network: an attacker uploads a crafted SVG file and then entices or forces a victim to view it, thereby triggering the stored XSS payload.

Generated by OpenCVE AI on May 4, 2026 at 18:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dify to version 1.13.1 or later to apply the vendor patch.
  • Restrict file uploads so that only authenticated users can upload files, and consider disabling SVG uploads entirely.
  • Implement server-side SVG sanitization that removes or neutralises <script> elements and other executable content, or apply a strict Content-Security-Policy that blocks inline scripts.
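As an added illustration of the third action above (example code, not Dify's own), the Python function below strips script-bearing constructs from an uploaded SVG with the standard-library XML parser and reports what it removed, rejecting anything that is not well-formed SVG. It assumes a recent expat build (entity-expansion limits) and a deliberately conservative denylist; the SAMPLE upload is constructed for the demonstration, and a maintained sanitizer, refusing SVG uploads, or serving them as attachments remains the safer production choice.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # keep output as a plain <svg xmlns=...> document
ET.register_namespace("xlink", XLINK_NS)

# Elements that execute script, embed HTML, or can rewrite attributes after load
# (<set>/<animate> can retarget an href). Removed together with their subtree.
DANGEROUS_TAGS = {"script", "foreignobject", "style", "set", "animate", "iframe", "embed", "object"}
DANGEROUS_SCHEMES = ("javascript:", "vbscript:", "data:")  # never allowed in href/xlink:href (conservative)

# Constructed sample upload mixing benign drawing content with script-bearing constructs.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>alert(1)</script>
  <rect width="10" height="10" onload="alert(2)"/>
  <a xlink:href="java&#10;script:alert(3)"><text>link</text></a>
  <image href="https://example.com/logo.png"/>
</svg>"""


def _local(qname: str) -> str:
    """Drop the {namespace} prefix ElementTree puts on tag and attribute names."""
    return qname.rsplit("}", 1)[-1].lower()


def _is_dangerous_url(value: str) -> bool:
    # Browsers ignore whitespace and control characters inside the scheme, so strip them first.
    return re.sub(r"[\s\x00-\x1f]", "", value).lower().startswith(DANGEROUS_SCHEMES)


def sanitize_svg(data: bytes) -> tuple[bytes, list[str]]:
    """Return (sanitized SVG bytes, list of removed items); raise ValueError for non-SVG input."""
    try:
        root = ET.fromstring(data)  # assumes expat >= 2.4.1 entity limits; defusedxml is safer
    except ET.ParseError as exc:    # malformed uploads are rejected, never "repaired"
        raise ValueError(f"not well-formed XML: {exc}") from exc
    if _local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    removed: list[str] = []
    for parent in list(root.iter()):          # snapshot: mutating during iter() skips nodes
        for child in list(parent):
            if _local(child.tag) in DANGEROUS_TAGS:
                parent.remove(child)
                removed.append(f"<{_local(child.tag)}>")
    for el in root.iter():
        for attr in list(el.attrib):
            name = _local(attr)
            if name.startswith("on") or (name == "href" and _is_dangerous_url(el.attrib[attr])):
                del el.attrib[attr]
                removed.append(f"{name}@<{_local(el.tag)}>")
    return ET.tostring(root, encoding="utf-8"), removed
```

Calling `sanitize_svg(SAMPLE)` keeps the rect, the link text and the external image while dropping the script element, the onload handler and the javascript: href; the returned list is what an upload handler would log for detection.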

Advisories

No advisories yet.

History

Mon, 04 May 2026 19:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Langgenius; Langgenius dify
Vendors & Products                    Langgenius; Langgenius dify

Mon, 04 May 2026 19:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 04 May 2026 17:45:00 +0000

Type         Values Removed   Values Added
Description                   Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/files/upload, which requires authentication through the application API, is also vulnerable. This issue has been patched in version 1.13.1.
Title                         Dify Vulnerable to Stored XSS via SVG-file upload
Weaknesses                    CWE-79
References
Metrics                       cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-04T18:48:58.586Z

Reserved: 2026-04-24T17:15:21.833Z

Link: CVE-2026-42138

Vulnrichment

Updated: 2026-05-04T18:48:35.997Z

NVD

Status: Received

Published: 2026-05-04T18:16:31.523

Modified: 2026-05-04T20:16:20.070

Link: CVE-2026-42138

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T19:30:02Z

Weaknesses