CVE-2026-26023 – Client‑side DOM XSS in the web chat app of Dify when using echarts

CVE ID : CVE-2026-26023

Published : Feb. 11, 2026, 9:23 p.m. | 1 hour, 2 minutes ago

Description : Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is fixed in 1.13.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…