
CVE-2026-26023: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in langgenius dify

Severity: Medium
Tags: Vulnerability, CVE-2026-26023, cve, cwe-79
Published: Wed Feb 11 2026 (02/11/2026, 21:23:09 UTC)
Source: CVE Database V5
Vendor/Project: langgenius
Product: dify

Description

CVE-2026-26023 is a medium-severity cross-site scripting (XSS) vulnerability in the open-source LLM app development platform Dify, affecting versions prior to 1.13.0. The vulnerability arises from improper input neutralization in the web application chat frontend when rendering echarts, allowing malicious JavaScript payloads embedded in user or LLM inputs to execute. Exploitation requires no authentication but does require user interaction to trigger the payload. Although no known exploits are currently reported in the wild, the vulnerability can lead to client-side code execution, potentially compromising user confidentiality and integrity. The issue is fixed in version 1.13.0. European organizations using vulnerable versions of Dify, especially those integrating echarts in chat frontends, should prioritize upgrading to mitigate risk.

AI-Powered Analysis

AILast updated: 02/11/2026, 21:45:50 UTC

Technical Analysis

CVE-2026-26023 is a cross-site scripting (XSS) vulnerability classified under CWE-79, found in the open-source LLM app development platform Dify, developed by langgenius. The vulnerability affects versions prior to 1.13.0 and is located in the web application chat frontend, specifically when rendering echarts visualizations. The root cause is improper neutralization of user- or LLM-generated inputs that are incorporated into echarts configurations without adequate sanitization. This flaw allows an attacker to craft inputs containing malicious JavaScript payloads that execute in the context of the victim's browser when the echarts component renders them. The vulnerability requires no privileges or authentication but does require user interaction to trigger the malicious script. The CVSS 4.0 base score is 5.3 (medium severity), reflecting a network attack vector, low attack complexity, no privileges required, user interaction required to trigger the payload, and limited scope of impact. The vulnerability can lead to client-side script execution, which may result in session hijacking, data theft, or manipulation of the user interface. Although no known exploits are reported in the wild, the risk is significant for applications exposing chat frontends to untrusted inputs, since LLM output is attacker-influenceable through prompt content. The issue was addressed in Dify version 1.13.0 by implementing proper input sanitization and escaping mechanisms in the echarts rendering pipeline. No official patch links are provided, but upgrading to the fixed version is recommended.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to web applications built on or integrating the Dify platform versions prior to 1.13.0, especially those exposing chat frontends to external or untrusted inputs. Successful exploitation could allow attackers to execute arbitrary JavaScript in users' browsers, potentially leading to session hijacking, credential theft, unauthorized actions on behalf of users, or distribution of malware. This can undermine user trust, violate data protection regulations such as GDPR, and lead to reputational damage. Organizations involved in AI development, research, or providing AI-powered services may be particularly targeted due to their use of LLM platforms like Dify. The vulnerability's medium severity and requirement for user interaction limit its impact somewhat, but the broad network attack vector and lack of authentication requirements mean it can be exploited remotely and at scale if unmitigated. Additionally, the improper input handling may expose organizations to compliance risks under European data protection laws if user data is compromised.

Mitigation Recommendations

1. Upgrade all instances of Dify to version 1.13.0 or later, where the vulnerability is fixed.
2. Implement strict input validation and sanitization on all user- and LLM-generated inputs before they are passed to echarts or any frontend rendering components.
3. Apply Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks.
4. Conduct regular security audits and code reviews focusing on input handling and frontend rendering logic.
5. Educate developers and users about the risks of XSS and encourage cautious handling of untrusted inputs.
6. Monitor application logs and user reports for signs of suspicious activity that might indicate attempted exploitation.
7. If upgrading immediately is not feasible, consider disabling or restricting the use of echarts in chat frontends, or sanitizing inputs at the application layer as a temporary workaround.
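The following is an added example of the application-layer sanitization described in recommendations 2 and 3 (and in the Technical Analysis above); it is not Dify's own code and does not reproduce the vulnerable path. It assumes the chat frontend receives an ECharts option as JSON text emitted by the model, and that rendering must never evaluate that text as code. The function name `parseUntrustedOption` and the dropped key list are the author's assumptions.

```javascript
// Added example (not from the Dify project): neutralize an LLM-produced ECharts
// option before it reaches the chart renderer.
const ESCAPE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) { return s.replace(/[&<>"']/g, (c) => ESCAPE[c]); }

// Option keys ECharts may treat as markup/template rather than plain text.
// Assumption: adjust this list to the ECharts version and components you enable.
const DROP_KEYS = new Set(['formatter']);
const MAX_DEPTH = 32;

// Recursively copy a JSON value, escaping every string and dropping risky keys.
function sanitizeNode(node, depth = 0) {
  if (depth > MAX_DEPTH) throw new Error('option nested too deeply');
  if (typeof node === 'string') return escapeHtml(node);
  if (typeof node === 'number' || typeof node === 'boolean' || node === null) return node;
  if (Array.isArray(node)) return node.map((v) => sanitizeNode(v, depth + 1));
  if (typeof node === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(node)) {
      // Guard against prototype pollution via a JSON "__proto__" key.
      if (k === '__proto__' || k === 'constructor' || k === 'prototype') continue;
      if (DROP_KEYS.has(k)) continue;
      out[k] = sanitizeNode(v, depth + 1);
    }
    return out;
  }
  // Functions, symbols, etc. can never come out of JSON.parse; reject anything else.
  throw new Error(`unsupported value type: ${typeof node}`);
}

// Entry point: strict JSON only (never eval / new Function on model output),
// then force text-only tooltips so no HTML is injected into the DOM.
function parseUntrustedOption(jsonText) {
  const parsed = JSON.parse(jsonText);
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('chart option must be a JSON object');
  }
  const safe = sanitizeNode(parsed);
  safe.tooltip = { ...(safe.tooltip || {}), renderMode: 'richText' }; // canvas-drawn tooltip, not HTML
  return safe;
}

// Companion CSP for the chat page (recommendation 3): no inline or remote script.
const CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Constructed sample: a model response carrying a script tag in the title text.
const SAMPLE_OPTION = '{"title":{"text":"Sales <script>alert(1)</script>"},'
  + '"tooltip":{"formatter":"{b}<b>{c}</b>"},"series":[{"type":"bar","data":[3,1,2]}]}';
```

Pair this with a CSP that disallows `'unsafe-inline'` and `'unsafe-eval'`, so a missed escape in any one renderer does not by itself yield script execution.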


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-02-09T21:36:29.555Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 698cf5244b57a58fa1cd8256

Added to database: 2/11/2026, 9:31:16 PM

Last enriched: 2/11/2026, 9:45:50 PM

Last updated: 2/11/2026, 11:33:17 PM
