CVE-2026-6617 - Vulnerability Details

- langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery

Description

A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published: 2026-04-20

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw exists in langgenius dify’s ApiToolManageService get_api_tool_provider_remote_schema function, where an attacker can manipulate the url argument to trigger arbitrary HTTP calls from the server. This SSRF allows the adversary to reach internal or external resources, potentially exposing confidential data or enabling lateral movement. The vulnerability is classified as CWE‑918 and can compromise data confidentiality and integrity, though it does not provide direct code execution.

Affected Systems

langgenius dify software versions up to 0.6.9 are affected. The issue resides in the api/services/tools/api_tools_manage_service.py file, so any deployment of dify 0.6.9 or earlier remains vulnerable until updated.

Risk and Exploitability

The CVSS score of 5.3 denotes a moderate severity. The EPSS score is not available, but the flaw has been publicly disclosed and is exploitable from remote clients. It is not yet listed in the CISA KEV catalog. The attack vector is remote, exploiting the server’s ability to resolve and fetch any URL specified by the attacker, potentially targeting internal services.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

langgenius

dify

affected

Version	Status	Constraints
`0.6.0`	affected	—
`0.6.1`	affected	—
`0.6.2`	affected	—
`0.6.3`	affected	—
`0.6.4`	affected	—
`0.6.5`	affected	—
`0.6.6`	affected	—
`0.6.7`	affected	—
`0.6.8`	affected	—
`0.6.9`	affected	—

No data.

Vendor Product Confidence Versions

Langgenius

Dify

95%

Version	Status	Scheme	Platform
`0.6.0`	affected	semver	—
`0.6.1`	affected	semver	—
`0.6.2`	affected	semver	—
`0.6.3`	affected	semver	—
`0.6.4`	affected	semver	—
`0.6.5`	affected	semver	—
`0.6.6`	affected	semver	—
`0.6.7`	affected	semver	—
`0.6.8`	affected	semver	—
`0.6.9`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest langgenius dify release that removes the SSRF vulnerability, ensuring the get_api_tool_provider_remote_schema function no longer accepts arbitrary URLs.
If an upgrade cannot be performed immediately, restrict access to the get_api_tool_provider_remote_schema endpoint to trusted administrators or IP ranges, or disable the endpoint entirely.
Implement outbound request filtering or firewall rules to block unexpected internal requests, limiting the attacker’s ability to reach internal hosts from the application.

Generated by OpenCVE AI on April 20, 2026 at 08:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00034.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://gist.github.com/chenhouser2025/306c6a7ad6aff9bc9a7fa76d5df38c63
https://vuldb.com/submit/792231
https://vuldb.com/vuln/358252
https://vuldb.com/vuln/358252/cti

History

Mon, 20 Apr 2026 12:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 20 Apr 2026 07:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Title		langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery
First Time appeared		Langgenius Langgenius dify
Weaknesses		CWE-918
CPEs		cpe:2.3:a:langgenius:dify::::::::
Vendors & Products		Langgenius Langgenius dify
References		https://gist.github.com/chenhouser2025/306c6a7ad6aff9bc9a7fa76d5df38c63 https://vuldb.com/submit/792231 https://vuldb.com/vuln/358252 https://vuldb.com/vuln/358252/cti
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Langgenius Dify

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-20T07:30:12.357Z

Updated: 2026-04-20T11:12:15.089Z

Reserved: 2026-04-19T16:18:35.592Z

Link: CVE-2026-6617

Vulnrichment

Updated: 2026-04-20T11:11:56.773Z

NVD

Status : Received

Published: 2026-04-20T08:16:11.597

Modified: 2026-04-20T08:16:11.597

Link: CVE-2026-6617

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T11:30:05Z

Weaknesses

CWE-918

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object