Lucene search
K

Dify User Enumeration via Observable Response Discrepancy

🗓️ 06 Jul 2026 03:02:03Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 18 Views

Dify prior to version 1.9.0 leaked emails via response discrepancy enabling user enumeration.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-28288
27 Feb 202620:25
attackerkb
Circl
CVE-2026-28288
27 Feb 202623:20
circl
CNNVD
dify 安全漏洞
27 Feb 202600:00
cnnvd
CVE
CVE-2026-28288
27 Feb 202620:25
cve
Cvelist
CVE-2026-28288 Dify has a user enumeration issue
27 Feb 202620:25
cvelist
EUVD
EUVD-2026-9068
27 Feb 202620:25
euvd
NVD
CVE-2026-28288
27 Feb 202621:16
nvd
OSV
CVE-2026-28288 Dify has a user enumeration issue
27 Feb 202620:25
osv
Positive Technologies
PT-2026-22397
27 Feb 202600:00
ptsecurity
RedhatCVE
CVE-2026-28288
1 Mar 202601:43
redhatcve
Rows per page
id: CVE-2026-28288

info:
  name: Dify User Enumeration via Observable Response Discrepancy
  author: DhiyaneshDk
  severity: medium
  description: |
    Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue.
  impact: |
    Attackers can enumerate registered email addresses, potentially aiding further targeted attacks or phishing.
  remediation: |
    Update to version 1.9.0 or later.
  reference:
    - https://github.com/langgenius/dify/security/advisories/GHSA-9qpf-wcv3-w3qx
    - https://github.com/langgenius/dify/issues/24323
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2026-28288
    epss-score: 0.00635
    epss-percentile: 0.46047
    cwe-id: CWE-204
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2026,dify,user-enum,info-leak

http:
  - raw:
      - |
        POST /console/api/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"email":"nonexistent{{randstr}}@example.com","password":"{{randstr}}","language":"en-US","remember_me":true}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Account not found"

      - type: word
        part: content_type
        words:
          - "application/json"

      - type: status
        status:
          - 400
# digest: 4b0a00483046022100c52049443d67075f607437da61044bca2e2968221650d1f6e257ddc022e8d59202210093ec3268c58ea25ffc9e3eb2d1dc0614f9f5c1a5f9ed6e96e698fb8e3aa76937:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

26 Mar 2026 12:02Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.3
CVSS 46.9
EPSS0.00635
SSVC
18