CVE-2026-42138 | langgenius dify up to 1.13.0 Application API /api/files/upload cross site scripting (GHSA-cg94-8v83-7hjj)

A vulnerability described as problematic has been identified in langgenius dify up to 1.13.0. Impacted is an unknown function of the file /api/files/upload of the component Application API. Such manipulation leads to cross site scripting.

This vulnerability is listed as CVE-2026-42138. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More