Byron Wang

1 exploit Active since Feb 2026
CVE-2026-26023 WRITEUP MEDIUM WRITEUP
dify < 1.13.0 - Stored Cross-Site Scripting via ECharts Payload
Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is fixed in 1.13.0.
CVSS 6.1