Security Advisory

CVE-2026-34082

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-20 23:03:18

Last updated 2026-04-21 13:36:45

Assigner GitHub_M

State PUBLISHED

Description

Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows any Dify-authenticated user to delete someone elses chat history. Version 1.13.1 patches the issue.

← Browse all CVEs View on cve.org ↗