🔒Security Update

pandasteitei · December 5, 2025, 7:01am

React has disclosed a critical vulnerability (CVE-2025-55182) affecting React Server Components.

Dify SaaS is not affected, and we have upgraded React to the patched version 19.2.1 to ensure continued security.

Self-hosted users are encouraged to update to the latest release.

All services are operating normally, and we will continue to monitor the situation.

Update:

Advisory:

Sherry_M · January 13, 2026, 7:30pm

We have been update the Dify to v1.11.1 to solve this vulnerability.
Please update to this version as soon as possible.

Thank you for your notification.

Topic		Replies	Views
Version 1.10.1远程代码执行漏洞 Discussion case	1	573	January 13, 2026
Dify web security vulnerability安全漏洞请官方尽快修复 Discussion	3	466	December 8, 2025
Difyweb重大安全漏洞请官方尽快修复 Discussion	3	789	December 8, 2025
Dify web security vulnerability安全漏洞请官方尽快修复新版本也无效 Discussion	4	452	December 9, 2025
最新的CVE-2025-55184 and CVE-2025-67779，会造成跟之前的一样的影响吗？ Discussion	3	105	December 12, 2025
🎉 Dify v1.11.1 Multimodal Knowledge Base Is Live Activities	0	378	December 15, 2025
🐞 Reporting Issues & Suggesting Improvements for Dify Discussion readme , commuity	1	218	October 22, 2025
Service Disruption Notice Discussion	0	25	February 2, 2026
Dify企业版，从3.5.6升级到3.6.0,之后，所有的接口请求都是401 Unauthorized了，{"code":"unauthorized","message":"CSRF token is missing or invalid.","status":401} Help Me Build	0	159	December 12, 2025
Dify Version 1.11.1安装工具插件失败该如何解决？ Discussion case	3	257	January 26, 2026