CVE-2026-6617: Server-Side Request Forgery in langgenius dify
A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
This vulnerability exists in langgenius dify (up to version 0.6.9) within the get_api_tool_provider_remote_schema function of the api_tools_manage_service.py file. By manipulating the URL parameter, an attacker can trigger server-side request forgery, causing the server to send crafted requests to arbitrary destinations. The vulnerability can be exploited remotely without user interaction and requires low privileges. The vendor has not issued any patch or advisory, and the exploit is publicly available.
Potential Impact
Successful exploitation allows an attacker to induce the vulnerable server to make arbitrary HTTP requests to internal or external systems. This can lead to unauthorized information disclosure or interaction with internal services not normally accessible to the attacker. However, the impact is limited by the vulnerability's medium severity rating and the requirement for some level of privilege (PR:L). There is no indication of direct code execution or data corruption.
Mitigation Recommendations
No official fix or patch is currently available, and the vendor has not responded to the disclosure. Users should consider mitigating the risk by restricting network access from the affected service to untrusted destinations, implementing input validation or filtering on the URL parameter, or isolating the service in a segmented network environment. Monitor for any future vendor advisories or updates for an official patch.
CVE-2026-6617: Server-Side Request Forgery in langgenius dify
Description
A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS v4.0
Score 5.3medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability exists in langgenius dify (up to version 0.6.9) within the get_api_tool_provider_remote_schema function of the api_tools_manage_service.py file. By manipulating the URL parameter, an attacker can trigger server-side request forgery, causing the server to send crafted requests to arbitrary destinations. The vulnerability can be exploited remotely without user interaction and requires low privileges. The vendor has not issued any patch or advisory, and the exploit is publicly available.
Potential Impact
Successful exploitation allows an attacker to induce the vulnerable server to make arbitrary HTTP requests to internal or external systems. This can lead to unauthorized information disclosure or interaction with internal services not normally accessible to the attacker. However, the impact is limited by the vulnerability's medium severity rating and the requirement for some level of privilege (PR:L). There is no indication of direct code execution or data corruption.
Mitigation Recommendations
No official fix or patch is currently available, and the vendor has not responded to the disclosure. Users should consider mitigating the risk by restricting network access from the affected service to untrusted destinations, implementing input validation or filtering on the URL parameter, or isolating the service in a segmented network environment. Monitor for any future vendor advisories or updates for an official patch.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-19T16:18:35.592Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e5d9d119fe3cd2cda9cb51
Added to database: 4/20/2026, 7:46:25 AM
Last enriched: 4/20/2026, 8:01:32 AM
Last updated: 6/4/2026, 3:45:39 AM
Views: 83
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.