CVE-2026-61461 in difyinfo

Summary

by MITRE • 07/10/2026

Dify before 1.16.0-rc1 contains a SQL injection vulnerability in the MyScale vector store backend that allows attackers to execute arbitrary SQL by supplying unsanitized search parameters to the search_by_full_text method without escaping or parameterization. Attackers can inject malicious SQL through the search parameters to read, modify, or delete data in the underlying ClickHouse database.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/10/2026

This vulnerability resides within the Dify application ecosystem prior to version 1.16.0-rc1 where the MyScale vector store backend fails to properly sanitize user inputs before incorporating them into SQL queries. The specific flaw manifests in the search_by_full_text method which processes search parameters without implementing proper input validation or parameterization techniques. This design oversight creates a direct pathway for malicious actors to inject arbitrary SQL commands through carefully crafted search parameters that bypass normal input sanitization mechanisms.

The technical execution of this vulnerability follows a classic SQL injection attack pattern where attacker-controlled data flows directly into database query construction. When the search_by_full_text method processes user-supplied search terms, it fails to escape special characters or utilize parameterized queries that would normally separate executable code from data inputs. This allows attackers to manipulate the underlying ClickHouse database through crafted search strings that can execute destructive operations including data enumeration, modification, or deletion. The vulnerability operates at the database interaction layer where untrusted input directly influences query composition without proper security controls.

The operational impact of this vulnerability extends beyond simple data exposure to encompass full database manipulation capabilities. Attackers can leverage this weakness to extract sensitive information from the ClickHouse database instance, potentially accessing confidential application data, user records, or system configurations. The compromise could enable unauthorized data modification or deletion operations that would severely impact data integrity and availability. Additionally, successful exploitation may allow attackers to escalate privileges within the database environment or establish persistent access points through database-level backdoors.

Mitigation strategies for this vulnerability require immediate implementation of proper input validation and parameterized query construction within the MyScale vector store backend. Security measures should include mandatory input sanitization protocols that escape special characters in user-supplied search parameters before database insertion, alongside comprehensive parameterized query frameworks that separate executable code from data inputs. The fix must address the root cause by ensuring all database interactions utilize prepared statements or similar parameterized approaches that prevent malicious SQL code injection. Organizations should also implement database activity monitoring to detect anomalous query patterns and establish regular security assessments of database interfaces to identify similar vulnerabilities in other components.

This vulnerability aligns with CWE-89 which specifically addresses SQL injection flaws in software applications, representing a fundamental weakness in input validation and query construction practices. The attack vector demonstrates characteristics consistent with ATT&CK technique T1071.004 for application layer protocol manipulation where adversaries exploit weaknesses in database interaction components. Organizations should reference industry standards including OWASP Top Ten 2021 category A03:2021 Injection vulnerabilities to understand the broader context of this threat and implement comprehensive security controls that prevent similar issues across their software development lifecycle.

Responsible

VulnCheck

Reservation

07/09/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!