CVE-2026-34082

· NIST NVD ↗

Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue.

MEDIUM
CVSS severity
4.3
CVSS base score
2026-04-20
Published

CWE codes

CWE-284CWE-863

Affected products

dify:dify

Sources