Vulnerabilities

CVE-2026-28288

by Fred · 27/02/2026

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue.

More information : https://github.com/langgenius/dify/issues/24323

Similar

Tags: Cybersecurity Alert