CVE-2026-28288

Vulnerability Description

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue.

Vulnerability Details

Published Date

February 27, 2026

Last Modified

February 27, 2026

CWE ID

CWE-204

Source

NVD

Vendor

langgenius

Product

dify

External References

https://github.com/langgenius/dify/issues/24323
https://github.com/langgenius/dify/security/advisories/GHSA-9qpf-wcv3-w3qx

CVE-2026-28288

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment