{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21866", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-05T16:44:16.368Z", "datePublished": "2026-03-03T21:42:25.311Z", "dateUpdated": "2026-03-04T21:18:08.260Z"}, "containers": {"cna": {"title": "Dify - Stored XSS in chat", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/langgenius/dify/security/advisories/GHSA-qpv6-75c2-75h4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/langgenius/dify/security/advisories/GHSA-qpv6-75c2-75h4"}, {"name": "https://github.com/langgenius/dify/pull/29811", "tags": ["x_refsource_MISC"], "url": "https://github.com/langgenius/dify/pull/29811"}, {"name": "https://github.com/langgenius/dify/commit/ae17537470bba417a8971fff705dd82ecb043564", "tags": ["x_refsource_MISC"], "url": "https://github.com/langgenius/dify/commit/ae17537470bba417a8971fff705dd82ecb043564"}], "affected": [{"vendor": "langgenius", "product": "dify", "versions": [{"version": "< 1.11.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-03T21:43:32.391Z"}, "descriptions": [{"lang": "en", "value": "Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify\u2019s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2."}], "source": {"advisory": "GHSA-qpv6-75c2-75h4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T21:17:56.778472Z", "id": "CVE-2026-21866", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T21:18:08.260Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21866", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-04T21:17:56.778472Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T21:18:03.261Z"}}], "cna": {"title": "Dify - Stored XSS in chat", "source": {"advisory": "GHSA-qpv6-75c2-75h4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "langgenius", "product": "dify", "versions": [{"status": "affected", "version": "< 1.11.2"}]}], "references": [{"url": "https://github.com/langgenius/dify/security/advisories/GHSA-qpv6-75c2-75h4", "name": "https://github.com/langgenius/dify/security/advisories/GHSA-qpv6-75c2-75h4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/langgenius/dify/pull/29811", "name": "https://github.com/langgenius/dify/pull/29811", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/langgenius/dify/commit/ae17537470bba417a8971fff705dd82ecb043564", "name": "https://github.com/langgenius/dify/commit/ae17537470bba417a8971fff705dd82ecb043564", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify\u2019s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-03T21:43:32.391Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21866", "state": "PUBLISHED", "dateUpdated": "2026-03-04T21:18:08.260Z", "dateReserved": "2026-01-05T16:44:16.368Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-03T21:42:25.311Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1A7A83E-6F78-4578-9907-E31F0BF9ED2D", "versionEndExcluding": "1.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify\u2019s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This vulnerability is fixed in 1.11.2."}], "id": "CVE-2026-21866", "lastModified": "2026-03-05T21:24:07.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-03T22:16:27.973", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/langgenius/dify/commit/ae17537470bba417a8971fff705dd82ecb043564"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/langgenius/dify/pull/29811"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/langgenius/dify/security/advisories/GHSA-qpv6-75c2-75h4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.11.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "dify", "source": "cna", "vendor": "langgenius"}, "product": "dify", "vendor": "langgenius"}], "analysis": {"en": {"generated_at": "2026-04-18T10:03:40.191627+00:00", "value": {"mitigation_remediation": ["Deploy Dify version 1.11.2 or later to replace all vulnerable instances.", "If an upgrade cannot occur immediately, modify the Mermaid configuration to a stricter security level (e.g., securityLevel: strict) or disable Mermaid diagram rendering in the chat component.", "Apply comprehensive input validation: sanitize or escape all user-supplied content before rendering and test the updated system for residual XSS risk."], "summary": {"action": "Apply Patch", "impact": "Stored Cross-Site Scripting"}, "threat_synthesis": {"affected_systems": "The flaw affects the Dify open-source LLM application, specifically versions older than 1.11.2. The attack surface is evident in the chat rendering component that accepts Mermaid diagram definitions. Users deploying Dify installations of these older releases are impacted.", "description_and_impact": "The vulnerability allows an attacker to embed malicious code inside a Mermaid diagram that is rendered within chat messages. When an affected message is viewed, the injected code executes in the browser of any user who opens the chat, enabling session hijacking, data theft, or further exploitation. The weakness is classified as CWE-79, indicating insufficient input validation and output encoding for user-supplied content.", "risk_and_exploitability": "The CVSS score of 5.1 indicates moderate severity, and the EPSS score is below 1\u202f%, showing very low but nonzero exploitation probability. The vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector is web-based interaction: an attacker can craft a Mermaid diagram, submit it via the chat interface, and have it stored by the system. When any user (including administrators) later views the chat, the malicious script runs within their browser context, compromising that user\u2019s session or local environment. The impact is confined to victims\u2019 browsers, but the stored nature can propagate the script to multiple users."}}}}, "created": "2026-03-04T14:53:42.968453+00:00", "updated": "2026-04-18T10:15:25.866334+00:00", "vendors": ["langgenius", "langgenius$PRODUCT$dify"]}