CVE-2026-41947
Published 2026-05-18
Priority: P3 (59) · Severity: critical · CVSS 3.1 base score: 9.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.45% (36.1th percentile)
Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
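The root cause described above is a missing tenant-ownership check: an endpoint that resolves the target application by id alone will happily apply a caller's trace configuration to an application owned by another tenant. The following is an added, hypothetical model (not Dify's code) showing that flaw beside the hardened form, where the lookup is scoped to the caller's tenant; the app and tenant identifiers and the `tracer.example` provider value are constructed sample data.

```python
# Added illustration (not Dify's code): a minimal model of a trace-config
# endpoint with and without the tenant-ownership check the advisory describes.
from dataclasses import dataclass, field


@dataclass
class App:
    app_id: str
    tenant_id: str
    trace_config: dict = field(default_factory=dict)


# Constructed sample data: two tenants, one application each.
APPS = {
    "app-victim": App("app-victim", "tenant-victim"),
    "app-attacker": App("app-attacker", "tenant-attacker"),
}


class Forbidden(Exception):
    """Raised when the caller does not own the target application."""


def set_trace_config_vulnerable(caller_tenant: str, app_id: str, config: dict) -> dict:
    """Mirrors the flaw: the app is resolved by id alone, so caller_tenant is
    never compared with the app's tenant and any known app id can be configured."""
    app = APPS[app_id]  # no tenant filter; caller_tenant is ignored
    app.trace_config = dict(config, enabled=True)
    return app.trace_config


def set_trace_config_fixed(caller_tenant: str, app_id: str, config: dict) -> dict:
    """Hardened form: resolve the app within the caller's tenant only. An app
    that belongs to another tenant is treated exactly like a nonexistent one,
    so the response does not reveal whether the id exists."""
    app = APPS.get(app_id)
    if app is None or app.tenant_id != caller_tenant:
        raise Forbidden(f"app {app_id} is not owned by tenant {caller_tenant}")
    app.trace_config = dict(config, enabled=True)
    return app.trace_config


def tenant_isolation_holds(handler) -> bool:
    """Regression check: True if `handler` refuses a cross-tenant write to
    app-victim, False if the write lands (the vulnerable behaviour)."""
    APPS["app-victim"].trace_config = {}
    try:
        handler("tenant-attacker", "app-victim", {"provider": "tracer.example"})
    except Forbidden:
        return True
    return not APPS["app-victim"].trace_config.get("enabled", False)
```

The same check is the natural unit test to add when patching an endpoint of this kind: call the handler as one tenant against another tenant's resource and assert that nothing changes.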
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dify | dify | <= 1.14.1 | — |
| langgenius | dify | < 1.14.2 | 1.14.2 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
langgenius dify up to 1.14.1 Trace Configuration Endpoint authorization (EUVD-2026-30772)
vuldb · 2026-05-18 · CVSS 9.1 · CRITICAL
A vulnerability, which was classified as problematic, has been found in langgenius dify up to 1.14.1. This vulnerability affects unknown code of the component Trace Configuration Endpoint. This manipulation causes authorization bypass.
This vulnerability is tracked as CVE-2026-41947. The attack can be carried out remotely. No exploit exists.
Applying a patch is the recommended action to fix this issue.
GHSA
GHSA-48v9-p8g8-55vg: Dify version 1
ghsa_unreviewed · 2026-05-18 · CRITICAL · CWE-639
Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
No detection rules found.
No public exploits indexed.
Checkpoint
29th June – Threat Intelligence Report
blogs_checkpoint · 2026-06-29 · tagged CVE-2026-20245
## 29th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Polymarket, a large cryptocurrency-based prediction market, has confirmed a supply chain attack after a third-party frontend vendor breach led to malicious JavaScript being injected into its website. Attackers tricked users into approving fraudulent transactions, stealing about $3 million from fewer than 15 accounts, while the b
Hackernews
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
blogs_hackernews · 2026-06-22 · CVSS 8.8 · tagged CVE-2024-5846 (HIGH)
## Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversations from other customers' applications without requiring authentication.
The vulnerabilities have been collectively codenamed DifyTap by Zafran Security.
"Two were critical severity, two required no authentication, and three carried cross-tenant impact on Dify's multi-tenant cloud service, allowing one
References
- https://github.com/langgenius/dify/commit/55d05fe52de880cd8497df8cea052351c594fad8
- https://github.com/langgenius/dify/pull/35793
- https://github.com/langgenius/dify/releases/tag/1.14.2
- https://huntr.com/bounties/a43076b2-fbc8-4750-9647-89a036b52f52
- https://www.vulncheck.com/advisories/dify-authorization-bypass-via-trace-configuration-endpoints
- https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps
Published: 2026-05-18