A vulnerability classified as critical was found in langgenius dify up to 1.16.0. Impacted is the function
search_by_full_text of the component MyScale Vector Store Backend. The manipulation results in sql injection.
This vulnerability is known as CVE-2026-61461. It is possible to launch the attack remotely. No exploit is available.