{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6617", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-19T16:18:35.592Z", "datePublished": "2026-04-20T07:30:12.357Z", "dateUpdated": "2026-04-20T11:12:15.089Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T07:30:12.357Z"}, "title": "langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "langgenius", "product": "dify", "versions": [{"version": "0.6.0", "status": "affected"}, {"version": "0.6.1", "status": "affected"}, {"version": "0.6.2", "status": "affected"}, {"version": "0.6.3", "status": "affected"}, {"version": "0.6.4", "status": "affected"}, {"version": "0.6.5", "status": "affected"}, {"version": "0.6.6", "status": "affected"}, {"version": "0.6.7", "status": "affected"}, {"version": "0.6.8", "status": "affected"}, {"version": "0.6.9", "status": "affected"}], "cpes": ["cpe:2.3:a:langgenius:dify:*:*:*:*:*:*:*:*"], "modules": ["ApiToolManageService"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-19T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-19T18:23:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-g (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/358252", "name": "VDB-358252 | langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358252/cti", "name": "VDB-358252 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792231", "name": "Submit #792231 | LangGenius Dify <= 0.6.9 Server-Side Request Forgery (CWE-918)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/chenhouser2025/306c6a7ad6aff9bc9a7fa76d5df38c63", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T11:11:24.609669Z", "id": "CVE-2026-6617", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T11:12:15.089Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6617", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T11:11:24.609669Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T11:11:56.773Z"}}], "cna": {"title": "langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-g (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:langgenius:dify:*:*:*:*:*:*:*:*"], "vendor": "langgenius", "modules": ["ApiToolManageService"], "product": "dify", "versions": [{"status": "affected", "version": "0.6.0"}, {"status": "affected", "version": "0.6.1"}, {"status": "affected", "version": "0.6.2"}, {"status": "affected", "version": "0.6.3"}, {"status": "affected", "version": "0.6.4"}, {"status": "affected", "version": "0.6.5"}, {"status": "affected", "version": "0.6.6"}, {"status": "affected", "version": "0.6.7"}, {"status": "affected", "version": "0.6.8"}, {"status": "affected", "version": "0.6.9"}]}], "timeline": [{"lang": "en", "time": "2026-04-19T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-19T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-19T18:23:48.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/358252", "name": "VDB-358252 | langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358252/cti", "name": "VDB-358252 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792231", "name": "Submit #792231 | LangGenius Dify <= 0.6.9 Server-Side Request Forgery (CWE-918)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/chenhouser2025/306c6a7ad6aff9bc9a7fa76d5df38c63", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T07:30:12.357Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6617", "state": "PUBLISHED", "dateUpdated": "2026-04-20T11:12:15.089Z", "dateReserved": "2026-04-19T16:18:35.592Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-20T07:30:12.357Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-6617", "lastModified": "2026-04-20T08:16:11.597", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-20T08:16:11.597", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/chenhouser2025/306c6a7ad6aff9bc9a7fa76d5df38c63"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/792231"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358252"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358252/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.6.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.6.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.6.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.6.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.6.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.6.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.6.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.6.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.6.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.6.9"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "dify", "source": "cna", "vendor": "langgenius"}, "product": "dify", "vendor": "langgenius"}], "analysis": {"en": {"generated_at": "2026-04-20T08:21:33.903821+00:00", "value": {"mitigation_remediation": ["Apply the latest langgenius dify release that removes the SSRF vulnerability, ensuring the get_api_tool_provider_remote_schema function no longer accepts arbitrary URLs.", "If an upgrade cannot be performed immediately, restrict access to the get_api_tool_provider_remote_schema endpoint to trusted administrators or IP ranges, or disable the endpoint entirely.", "Implement outbound request filtering or firewall rules to block unexpected internal requests, limiting the attacker\u2019s ability to reach internal hosts from the application."], "summary": {"action": "Patch", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "langgenius dify software versions up to 0.6.9 are affected. The issue resides in the api/services/tools/api_tools_manage_service.py file, so any deployment of dify 0.6.9 or earlier remains vulnerable until updated.\n", "description_and_impact": "The flaw exists in langgenius dify\u2019s ApiToolManageService get_api_tool_provider_remote_schema function, where an attacker can manipulate the url argument to trigger arbitrary HTTP calls from the server. This SSRF allows the adversary to reach internal or external resources, potentially exposing confidential data or enabling lateral movement. The vulnerability is classified as CWE\u2011918 and can compromise data confidentiality and integrity, though it does not provide direct code execution.\n", "risk_and_exploitability": "The CVSS score of 5.3 denotes a moderate severity. The EPSS score is not available, but the flaw has been publicly disclosed and is exploitable from remote clients. It is not yet listed in the CISA KEV catalog. The attack vector is remote, exploiting the server\u2019s ability to resolve and fetch any URL specified by the attacker, potentially targeting internal services.\n"}}}}, "created": "2026-04-20T08:30:02.621189+00:00", "updated": "2026-04-20T11:30:05.325582+00:00", "vendors": ["langgenius", "langgenius$PRODUCT$dify"]}