Security Advisory

CVE-2026-28288

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-27 20:25:24

Last updated 2026-02-27 20:45:44

Assigner GitHub_M

State PUBLISHED

Description

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue.

← Browse all CVEs View on cve.org ↗