langgenius/dify
github · not analyzable

Production-ready platform for agentic workflow development.

maintainer
langgenius
license
NOASSERTION
first seen
2026-05-22
last seen
2026-06-14
releases · 30d
1
short id
risk 42/100 · heuristic grade: C (elevated)

Source not yet analyzed — this grade rests on attested signals (CVEs, supply-chain) only. It is a floor: reading the code could raise it, not lower it.

  • vulnerabilities · attested · +50
  • trust mitigators · mixed · −8


The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.


vulnerabilities · 17 advisories (14 with CVE ids) · grade factor +50

EPSS is the predicted probability that a vulnerability is exploited in the wild within the next 30 days, shown here rounded; 0% means low, not none. Affected versions are quoted as the advisories state them.

  • HIGH · Unauthenticated Server-Side Request Forgery in /console/api/remote-files/upload endpoint · affects < 1.13.0
  • HIGH · Client-side DOM XSS in the web chat app of Dify when using echarts · EPSS 0% · CVE-2026-26023 · affects <= V1.11.4
  • HIGH · Plaintext API Key Exposure via Model Provider Configuration Endpoint · EPSS 0% · CVE-2025-67732 · affects <= 1.10.1-fix.1
  • HIGH · Dify MCP OAuth Flow Vulnerable to XSS · EPSS 0% · CVE-2025-58747 · affects <= 1.8.0
  • HIGH · Unauthorized Access and Modification of APP Orchestration · EPSS 0% · CVE-2025-43862 · affects <= v0.6.8
  • LOW · Dify API Extension has SSRF Vulnerability · affects 0.6.7
  • MEDIUM · IDOR in deleting someone else's chat conversation · EPSS 0% · CVE-2026-34082 · affects <= 1.9.2
  • MEDIUM · Stored XSS via SVG-file upload · EPSS 0% · CVE-2026-42138 · affects <= 1.9.2
  • MEDIUM · Dify - Stored XSS in chat · EPSS 0% · CVE-2026-21866 · affects 1.10.1
  • LOW · User enumeration · EPSS 0% · CVE-2026-28288 · affects <= 1.8.1
  • MEDIUM · Use of Cryptographically Weak Pseudo-Random Number Generator for API Key Generation · affects < v1.4.2
  • MEDIUM · Broken Access Control on Log Message Endpoint Allows Reading Chats of Others · EPSS 0% · CVE-2025-59422 · affects 1.8.1
  • MEDIUM · Dify has XSS vulnerability · EPSS 0% · CVE-2025-49149 · affects 1.2.0
  • LOW · Dify vulnerable to Clickjacking Attack · EPSS 0% · CVE-2025-43854 · affects <= v0.6.8
  • MEDIUM · Insecure User Role Access Control for APP Editing · EPSS 0% · CVE-2025-32795 · affects <= v0.6.8
  • MEDIUM · Unauthorized APP Enable/Disable via API · EPSS 0% · CVE-2025-32796 · affects <= v0.6.8
  • MEDIUM · Insecure User Role Access Control for APP DSL Exporting · EPSS 0% · CVE-2025-32790 · affects <= v0.6.8
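The affected-version strings above mix formats ("< 1.13.0", "<= V1.11.4", "<=1.8.0", a bare "1.8.1", and the hotfix tag "1.10.1-fix.1"), so comparing an installed Dify version against them by eye is error-prone. The script below is an added example, not code from Dify or from the observatory: it copies the list above as data, normalises the ranges, and reports which entries cover a given version. Two assumptions are labelled in the code: a "-fix.N" tag is treated as sorting after its base release and before the next patch release, and a bare version is treated as an exact pin and flagged as such, because an advisory that names a single version is often recording the version tested rather than the full affected range.

```python
"""Check an installed Dify version against the advisories listed on this page.

Added example, not code from Dify or from the observatory. The affected-version
strings are copied verbatim from the list above. Assumption: a "-fix.N" tag
sorts after its base release and before the next patch release
(1.10.1 < 1.10.1-fix.1 < 1.10.2).
"""
import re

# (severity, short title, CVE id or None, affected string as printed above)
ADVISORIES = [
    ("HIGH", "Unauthenticated SSRF in /console/api/remote-files/upload", None, "< 1.13.0"),
    ("HIGH", "Client-side DOM XSS in web chat app (echarts)", "CVE-2026-26023", "<= V1.11.4"),
    ("HIGH", "Plaintext API key exposure via model provider config endpoint", "CVE-2025-67732", "<= 1.10.1-fix.1"),
    ("HIGH", "MCP OAuth flow XSS", "CVE-2025-58747", "<=1.8.0"),
    ("HIGH", "Unauthorized access/modification of APP orchestration", "CVE-2025-43862", "<= v0.6.8"),
    ("LOW", "API extension SSRF", None, "0.6.7"),
    ("MEDIUM", "IDOR deleting another user's chat conversation", "CVE-2026-34082", "<= 1.9.2"),
    ("MEDIUM", "Stored XSS via SVG upload", "CVE-2026-42138", "<= 1.9.2"),
    ("MEDIUM", "Stored XSS in chat", "CVE-2026-21866", "1.10.1"),
    ("LOW", "User enumeration", "CVE-2026-28288", "<= 1.8.1"),
    ("MEDIUM", "Weak PRNG for API key generation", None, "< v1.4.2"),
    ("MEDIUM", "Broken access control on log message endpoint", "CVE-2025-59422", "1.8.1"),
    ("MEDIUM", "XSS", "CVE-2025-49149", "1.2.0"),
    ("LOW", "Clickjacking", "CVE-2025-43854", "<= v0.6.8"),
    ("MEDIUM", "Insecure role access control for APP editing", "CVE-2025-32795", "<= v0.6.8"),
    ("MEDIUM", "Unauthorized APP enable/disable via API", "CVE-2025-32796", "<= v0.6.8"),
    ("MEDIUM", "Insecure role access control for APP DSL export", "CVE-2025-32790", "<= v0.6.8"),
]

# Optional leading v/V, three numeric parts, optional "-fix.N" hotfix tag.
_VERSION = re.compile(r"^[vV]?(\d+)\.(\d+)\.(\d+)(?:-fix\.(\d+))?$")
# Optional "<" or "<=" operator, optional whitespace, then the bound.
_RANGE = re.compile(r"^(<=|<)?\s*(\S+)$")
_SEVERITY_ORDER = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}


def parse_version(text):
    """'V1.11.4' -> (1, 11, 4, 0); '1.10.1-fix.1' -> (1, 10, 1, 1)."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Dify version string: {text!r}")
    major, minor, patch, fix = m.groups()
    return (int(major), int(minor), int(patch), int(fix or 0))


def parse_range(text):
    """Return (operator, bound). A bare version is an exact pin ('==')."""
    m = _RANGE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised affected-range string: {text!r}")
    op, bound = m.groups()
    return (op or "=="), parse_version(bound)


def version_matches(installed, affected):
    """True if the advisory's affected string covers the installed version."""
    op, bound = parse_range(affected)
    v = parse_version(installed)
    if op == "<":
        return v < bound
    if op == "<=":
        return v <= bound
    return v == bound


def applicable_advisories(installed):
    """Advisories whose affected string covers `installed`, in page order.

    exact_pin=True marks entries where the advisory names a single version;
    that often records the version tested rather than the whole affected
    range, so a non-matching install still deserves a look at the advisory.
    """
    hits = []
    for severity, title, cve, affected in ADVISORIES:
        if version_matches(installed, affected):
            op, _ = parse_range(affected)
            hits.append({"severity": severity, "title": title, "cve": cve,
                         "affected": affected, "exact_pin": op == "=="})
    return hits


def worst_severity(hits):
    """Highest severity among the hits, or None if nothing applies."""
    if not hits:
        return None
    return max((h["severity"] for h in hits), key=_SEVERITY_ORDER.__getitem__)


if __name__ == "__main__":
    import sys
    installed = sys.argv[1] if len(sys.argv) > 1 else "1.10.1"
    hits = applicable_advisories(installed)
    print(f"Dify {installed}: {len(hits)} listed advisories apply, worst {worst_severity(hits)}")
    for h in hits:
        pin = " (exact pin, check advisory)" if h["exact_pin"] else ""
        print(f"  {h['severity']:<6} {h['cve'] or '-':<15} {h['title']} [{h['affected']}]{pin}")
```

Run it as `python check_dify.py 1.10.1` (a hypothetical file name). Anything the version regex does not recognise raises rather than silently comparing wrong, which is the behaviour you want in a CI gate; the exact-pin flag keeps the four single-version entries from being read as "only that version is affected".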
tool safety · all quiet

No tool-safety findings. Heuristic detectors run on the compute-risk cadence; a finding appears when a tool trips a rule.

embed badge · readme-ready

live risk-grade badge preview: [![MCP Observatory risk grade](https://mcpobservatory.com/servers/github:langgenius/dify/badge.svg)](https://mcpobservatory.com/servers/github:langgenius/dify/security)

Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of langgenius.