CVE-2026-6619 | langgenius dify up to 1.13.3 ImagePreview image-preview.tsx openInNewTab filename cross site scripting

April 19, 2026 Yanac

A vulnerability was found in langgenius dify up to 1.13.3. It has been rated as problematic. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview. The manipulation of the argument filename leads to cross site scripting.

This vulnerability is listed as CVE-2026-6619. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More