
5 matches found

EUVD
added 2026/05/18 1:52 p.m. | 28 views

EUVD-2026-30774

Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...

CVSS 8.2 | AI score 5.7 | EPSS 0.0004
Exploits: 1 | References: 3
RedhatCVE
added 2025/04/16 4:11 a.m. | 13 views

CVE-2025-29720

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remotefiles.RemoteFileUploadApi...

CVSS 4.8 | AI score 7.5 | EPSS 0.00068
Exploits: 1 | References: 1
Cvelist
added 2025/04/14 12:0 a.m. | 9 views

CVE-2025-29720

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remotefiles.RemoteFileUploadApi...

EPSS 0.00068
Exploits: 1 | References: 2
CNNVD
added 2025/04/14 12:0 a.m. | 3 views

dify security vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify v1.0, which stems from a server-side request forgery in the component controllers.console.remotefiles.RemoteFileUploadApi...

CVSS 4.8 | AI score 6.5 | EPSS 0.00068
Exploits: 1 | References: 3
CVE
added 2025/04/14 12:0 a.m. | 77 views

CVE-2025-29720

CVE-2025-29720 affects Dify v1.0 with a Server-Side Request Forgery via controllers.console.remote_files.RemoteFileUploadApi. Root cause: SSRF in that API component. Impact per provided metrics: CVSS 3.1 base score 4.8 (Medium); attack vector Local, user interaction required; confidentiality, int...

CVSS 4.8 | AI score 7.5 | EPSS 0.00068
In wild | Exploits: 1 | References: 2 | Affected Software: 1