CVE-2026-41948
Published 2026-05-18
Priority: P2 · 64 · critical 9.4 (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
EPSS: 0.51% (39.5th percentile)
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencoded dot sequences in task identifiers or manipulated filename parameters to access internal endpoints such as debug interfaces, requiring only knowledge of the victim tenant's UUID. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dify | dify | <= 1.14.1 | — |
| langgenius | dify | <= 1.14.1 | — |
Detection & IOCs (extracted from sources)
- Monitor for path traversal patterns using unencoded dot sequences (e.g., '../' or '..') in task identifier or filename parameters of requests forwarded to the Plugin Daemon's internal REST API.
- Alert on authenticated requests to the Plugin Daemon's internal REST API that originate from tenant paths other than the authenticated tenant's own UUID, indicating cross-tenant path traversal.
- Detect access to internal debug interfaces via the Plugin Daemon API from regular tenant-authenticated sessions, which should never occur under normal operation.
- On Dify Cloud, treat unauthenticated free self-registration as a risk amplifier: any account, including newly registered ones, may be used to exploit this vulnerability without prior relationship to the platform.
- Flag requests where the file UUID in the files array of a chat-messages request does not belong to the authenticated user, as this may indicate exploitation of the related cross-user file read vulnerability (CVE-2026-41950).
- Exploitation requires only knowledge of the victim tenant's UUID, lowering the bar for cross-tenant attacks significantly.
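The first two detection items above, plus the tenant-confinement check whose absence the advisory describes, as an added example that is not part of this record or of Dify's code. It assumes a hypothetical route layout of `/plugin/<tenant-uuid>/...` on the Plugin Daemon (the page gives no actual routes) and runs over constructed log records.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed layout: everything a tenant may forward to the Plugin Daemon lives
# under /plugin/<tenant-uuid>/ (hypothetical; the advisory names no routes).
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
# A '.' or '..' path segment, whether at the start, end, or between slashes.
DOT_SEQ_RE = re.compile(r"(^|/)\.\.?(/|$)")

def resolve_forwarded_path(tenant_id: str, segment: str) -> str:
    """Build the daemon path for a user-supplied task id or filename and
    normalize it the way a router would (percent-decode, collapse '.'/'..')."""
    return posixpath.normpath(f"/plugin/{tenant_id}/{unquote(segment)}")

def is_confined(tenant_id: str, segment: str) -> bool:
    """Mitigation check: accept the segment only if it contains no dot segments
    at all and still resolves beneath the caller's own tenant prefix."""
    if not UUID_RE.match(tenant_id):
        return False
    if DOT_SEQ_RE.search(unquote(segment)):
        return False
    return resolve_forwarded_path(tenant_id, segment).startswith(f"/plugin/{tenant_id}/")

# Constructed access-log records: (authenticated tenant, forwarded daemon path).
TENANT_A = "11111111-1111-1111-1111-111111111111"
TENANT_B = "22222222-2222-2222-2222-222222222222"
SAMPLE_LOG = [
    (TENANT_A, f"/plugin/{TENANT_A}/tasks/9d2c"),                 # benign
    (TENANT_A, f"/plugin/{TENANT_A}/tasks/../../debug"),          # escapes tenant prefix
    (TENANT_A, f"/plugin/{TENANT_B}/tasks/9d2c"),                 # other tenant's UUID
    (TENANT_A, f"/plugin/{TENANT_A}/files/%2e%2e%2fconfig"),      # encoded dots, stays inside
]

def flag_log_records(records):
    """Detection logic: report dot sequences (raw or percent-encoded) in the
    forwarded path, and a resolved path outside the authenticated tenant."""
    findings = []
    for tenant, path in records:
        decoded = unquote(path)
        reasons = []
        if DOT_SEQ_RE.search(decoded):
            reasons.append("dot-sequence")
        if not posixpath.normpath(decoded).startswith(f"/plugin/{tenant}/"):
            reasons.append("tenant-mismatch")
        if reasons:
            findings.append((path, reasons))
    return findings
```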
CVSS provenance
- NVD v3.1: 9.4 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
- NVD v4.0: 9.3 CRITICAL, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
GHSA
GHSA-h666-98mq-949j (ghsa_unreviewed, 2026-05-18): CVE-2026-41948 [CRITICAL], CWE-23. Same description as the summary above.
VulDB
langgenius dify up to 1.14.1 Plugin Daemon REST API path traversal (EUVD-2026-30771) (vuldb, 2026-05-18, CVSS 9.2): CVE-2026-41948 [CRITICAL]
A vulnerability, which was classified as problematic, was found in langgenius dify up to 1.14.1. This issue affects some unknown processing of the component Plugin Daemon REST API. Such manipulation leads to relative path traversal.
This vulnerability is listed as CVE-2026-41948. The attack may be performed from remote. There is no available exploit.
It is best practice to apply a patch to resolve this issue.
No detection rules found.
No public exploits indexed.
Checkpoint
29th June – Threat Intelligence Report (blogs_checkpoint, 2026-06-29), indexed under CVE-2026-20245
For the latest discoveries in cyber research for the week of 29th June, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Polymarket, a large cryptocurrency-based prediction market, has confirmed a supply chain attack after a third-party frontend vendor breach led to malicious JavaScript being injected into its website. Attackers tricked users into approving fraudulent transactions, stealing about $3 million from fewer than 15 accounts, while the b
Hackernews
Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants (blogs_hackernews, 2026-06-22, CVSS 8.8), indexed under CVE-2024-5846 [HIGH]
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversations from other customers' applications without requiring authentication.
The vulnerabilities have been collectively codenamed DifyTap by Zafran Security.
"Two were critical severity, two required no authentication, and three carried cross-tenant impact on Dify's multi-tenant cloud service, allowing one
References
- https://github.com/langgenius/dify/pull/35796
- https://huntr.com/bounties/35b7ad59-e35d-443f-bf77-387bfb932ec0
- https://www.vulncheck.com/advisories/dify-path-traversal-via-plugin-daemon-internal-api-access
- https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps
Published 2026-05-18