Dify MyScale Backend SQL Injection Vulnerability (CVE-2026-61461)
A high-severity SQL injection vulnerability, CVE-2026-61461, exists in the MyScale vector store backend of Dify versions prior to 1.16.0-rc1, allowing attackers with low privileges to execute arbitrary SQL commands via unsanitized search parameters, leading to unauthorized data manipulation in the underlying ClickHouse database.
Dify, an open-source LLM application development platform, is affected by CVE-2026-61461, a high-severity SQL injection vulnerability discovered in versions prior to 1.16.0-rc1. This flaw resides in the MyScale vector store backend, specifically within the search_by_full_text method. The vulnerability arises because search parameters supplied to this method are not properly sanitized or parameterized, allowing an attacker with low privileges (CVSS:PR:L) to inject arbitrary SQL code. Successful exploitation can lead to unauthorized reading, modification, or deletion of sensitive data stored in the underlying ClickHouse database, posing a significant risk to data integrity and confidentiality within affected Dify deployments.
Attack Chain
- An attacker identifies a Dify instance running a vulnerable version (prior to 1.16.0-rc1) configured to use the MyScale vector store backend.
- The attacker gains low-privileged access to the Dify application, as indicated by the CVSS 'PR:L' metric.
- The attacker crafts a malicious HTTP request targeting a Dify endpoint that utilizes the
search_by_full_textmethod in the MyScale backend. - The request includes unsanitized search parameters containing SQL injection payloads, such as special characters, keywords like
UNION SELECT, or comments. - The vulnerable
search_by_full_textmethod processes these parameters directly, without proper escaping or prepared statements. - The injected SQL commands are then executed by the underlying ClickHouse database.
- The attacker achieves unauthorized data access, modification, or deletion within the ClickHouse database, impacting confidentiality, integrity, or availability.
Impact
Successful exploitation of CVE-2026-61461 can lead to severe consequences for organizations using affected Dify versions. Attackers can gain comprehensive control over the underlying ClickHouse database, enabling them to exfiltrate sensitive user data, application configurations, or proprietary information. Furthermore, they can modify or delete critical data, which could lead to severe data integrity issues, service disruption, and potential legal or compliance penalties. The high CVSS score of 8.8 reflects the significant potential for impact on confidentiality, integrity, and availability.
Recommendation
- Patch CVE-2026-61461 by upgrading Dify to version 1.16.0-rc1 or newer immediately, as referenced in the provided GitHub releases.
- Deploy the Sigma rule "Detect CVE-2026-61461 Exploitation - Dify MyScale SQL Injection" from this brief to your SIEM to detect attempts at SQL injection targeting Dify's
search_by_full_textmethod. - Monitor web server access logs for unusual request patterns, specifically looking for SQL injection keywords and special characters in
cs-uri-queryparameters, as indicated by the log sourcewebserver.
Detection coverage 1
Detect CVE-2026-61461 Exploitation - Dify MyScale SQL Injection
highDetects CVE-2026-61461 exploitation - attempts to inject SQL commands into Dify's MyScale vector store backend via the search_by_full_text method by looking for common SQL injection patterns in URL query parameters. This targets endpoints typically used for search functionality.
Detection queries are available on the platform. Get full rules →