CVE-2026-34082

Sažetak

Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue.

Reference

https://github.com/langgenius/dify/releases/tag/1.13.1
https://github.com/langgenius/dify/security/advisories/GHSA-fxq3-hh7x-c63p

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

20-04-2026 - 23:16

Objavljeno

20-04-2026 - 23:16