{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6618", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-19T16:18:39.660Z", "datePublished": "2026-04-20T07:45:16.985Z", "dateUpdated": "2026-04-20T16:21:30.799Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T07:45:16.985Z"}, "title": "langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "langgenius", "product": "dify", "versions": [{"version": "1.13.0", "status": "affected"}, {"version": "1.13.1", "status": "affected"}, {"version": "1.13.2", "status": "affected"}, {"version": "1.13.3", "status": "affected"}], "cpes": ["cpe:2.3:a:langgenius:dify:*:*:*:*:*:*:*:*"], "modules": ["ApiBasedToolSchemaParser"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-19T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-19T18:23:51.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-g (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/358253", "name": "VDB-358253 | langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358253/cti", "name": "VDB-358253 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792241", "name": "Submit #792241 | LangGenius Dify <= v1.13.3 Server-Side Request Forgery (CWE-918)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/chenhouser2025/d7b1c574b0e32eb9169f7046b486e662", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T16:20:02.754768Z", "id": "CVE-2026-6618", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:21:30.799Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6618", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T16:20:02.754768Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:21:24.610Z"}}], "cna": {"title": "langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-g (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:langgenius:dify:*:*:*:*:*:*:*:*"], "vendor": "langgenius", "modules": ["ApiBasedToolSchemaParser"], "product": "dify", "versions": [{"status": "affected", "version": "1.13.0"}, {"status": "affected", "version": "1.13.1"}, {"status": "affected", "version": "1.13.2"}, {"status": "affected", "version": "1.13.3"}]}], "timeline": [{"lang": "en", "time": "2026-04-19T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-19T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-19T18:23:51.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/358253", "name": "VDB-358253 | langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/358253/cti", "name": "VDB-358253 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/792241", "name": "Submit #792241 | LangGenius Dify <= v1.13.3 Server-Side Request Forgery (CWE-918)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/chenhouser2025/d7b1c574b0e32eb9169f7046b486e662", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-20T07:45:16.985Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6618", "state": "PUBLISHED", "dateUpdated": "2026-04-20T16:21:30.799Z", "dateReserved": "2026-04-19T16:18:39.660Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-20T07:45:16.985Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2026-6618", "lastModified": "2026-04-20T09:16:09.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-20T09:16:09.607", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/chenhouser2025/d7b1c574b0e32eb9169f7046b486e662"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/792241"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358253"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/358253/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.13.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.13.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.13.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.13.3"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "dify", "source": "cna", "vendor": "langgenius"}, "product": "dify", "vendor": "langgenius"}], "analysis": {"en": {"generated_at": "2026-04-20T09:21:48.827541+00:00", "value": {"mitigation_remediation": ["Upgrade langgenius dify to a version later than 1.13.3 when an official patch is released.", "If an immediate upgrade is not feasible, restrict the server\u2019s outbound network access or configure firewall rules to block unexpected HTTP/HTTPS traffic from the application process.", "Validate and sanitize any user\u2011supplied URL parameters before they are used by the parser, ensuring only allowed domains or IP ranges are accepted.", "Monitor system logs for unusual outbound requests and investigate any incidents promptly."], "summary": {"action": "Patch", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "The affected product is langgenius dify, versions up to and including 1.13.3. All releases before or equal to 1.13.3 are vulnerable; newer versions are presumed to be fixed.", "description_and_impact": "A flaw exists in the parse_openai_plugin_json_to_tool_bundle function of the ApiBasedToolSchemaParser component in langgenius dify. Manipulating the URL argument that the function receives can cause the vulnerable server to issue arbitrary outbound requests, allowing an attacker to access internal resources or reach external systems. This vulnerability is identified as CWE\u2011918 and can potentially compromise confidentiality and availability by enabling an attacker to exfiltrate data or pivot to other systems.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in CISA KEV. The attack vector is remote; the flaw can be triggered via HTTP requests that pass a crafted URL parameter to the vulnerable function. An exploit has been published, meaning an attacker can already engineer the SSRF scenario without needing custom tooling."}}}}, "created": "2026-04-20T09:30:03.369306+00:00", "updated": "2026-04-20T14:30:08.544709+00:00", "vendors": ["langgenius", "langgenius$PRODUCT$dify"]}