CVE-2026-6617 | langgenius dify up to 0.6.9 ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema url server-side request forgery

A vulnerability was found in langgenius dify up to 0.6.9. It has been classified as critical. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of the component ApiToolManageService. Performing a manipulation of the argument url results in server-side request forgery.

This vulnerability is identified as CVE-2026-6617. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More