CVE-2026-61461
Undergoing Analysis Undergoing Analysis - In Progress

SQL Injection in Dify MyScale Vector Store

Vulnerability report for CVE-2026-61461, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulnCheck

Description

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the search_by_full_text method without escaping or parameterization. Attackers can inject malicious SQL through the search parameters to read, modify, or delete data in the underlying ClickHouse database.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
langgenius dify to 1.16.0-rc1 (exc)
langgenius dify 1.15.0
dify dify to 1.16.0-rc1 (exc)
clickhouse clickhouse *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The SQL injection vulnerability in Dify before version 1.16.0-rc1 allows attackers to execute arbitrary SQL commands on the underlying ClickHouse database. This can lead to unauthorized reading, modification, or deletion of sensitive data.

Such unauthorized access and manipulation of data can result in non-compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized access or alteration.

Therefore, if exploited, this vulnerability could compromise the confidentiality, integrity, and availability of data, potentially leading to violations of these regulations.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive data, data modification, and data deletion within the ClickHouse database used by Dify.

Attackers exploiting this SQL injection flaw can manipulate database queries to extract confidential information, corrupt data integrity, or disrupt service availability.

Such impacts can lead to data breaches, loss of trust, operational disruptions, and potential financial or reputational damage.

Executive Summary

CVE-2026-61461 is a SQL injection vulnerability in Dify versions before 1.16.0-rc1, specifically in the MyScale vector store backend. The vulnerability occurs in the search_by_full_text method, where unsanitized search parameters are directly used in SQL queries without proper escaping or parameterization.

This flaw allows attackers to inject malicious SQL code through the search parameters, which can then be executed by the underlying ClickHouse database.

As a result, attackers can read, modify, or delete data in the database by exploiting this vulnerability.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious or malformed SQL queries targeting the ClickHouse database through the MyScale vector store backend, specifically via the search_by_full_text method. Attackers may send specially crafted queries that include SQL injection payloads.

One way to detect exploitation attempts is to inspect logs or network traffic for unusual queries sent to the /v1/datasets/{id}/hit-testing endpoint with the full_text_search retrieval method.

While no explicit detection commands are provided in the resources, a general approach could include using database query logging or network monitoring tools to filter for suspicious SQL patterns or unexpected query parameters.

  • Enable query logging in ClickHouse to capture all queries executed by the MyScale vector store.
  • Use grep or similar tools to search logs for suspicious SQL keywords or payloads, e.g., grep -i "union select" /path/to/clickhouse/logs
  • Monitor HTTP requests to the endpoint /v1/datasets/{id}/hit-testing for unusual or unexpected full_text_search parameters.
  • Use network packet capture tools like tcpdump or Wireshark to analyze traffic for suspicious SQL injection patterns.
Mitigation Strategies

The immediate and most effective mitigation is to upgrade Dify to version 1.16.0-rc1 or later, where the SQL injection vulnerability in the MyScale vector store backend has been patched.

The patch involves proper validation and parameterization of user input in the search_by_full_text method to prevent SQL injection.

If upgrading immediately is not possible, consider restricting access to the vulnerable endpoint (/v1/datasets/{id}/hit-testing) to trusted users only and implementing strict input validation or web application firewall (WAF) rules to block suspicious SQL injection attempts.

  • Upgrade Dify to version 1.16.0-rc1 or later.
  • Restrict access to the /v1/datasets/{id}/hit-testing endpoint.
  • Implement input validation and sanitization for search parameters.
  • Deploy WAF rules to detect and block SQL injection payloads.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61461. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart