The /console/api/system-features interface lacks permission control, which led to detection by local network authorities and a demand for rectification. What solutions do you all have?
This interface is unauthenticated by design. We are currently disputing this reported vulnerability regarding the unauthenticated interface with the CVE organization.