AI description
CVE-2026-41947 describes an authorization bypass vulnerability found in Dify, an open-source platform for building AI applications, specifically in versions prior to 1.14.2. This flaw allows authenticated editor users to set and enable trace configurations for any application, even those not owned by their tenant. Exploiting this vulnerability enables attackers to redirect all messages and responses from victim applications to their own controlled Large Language Model (LLM) trace providers. This is facilitated by missing tenant ownership checks within the trace configuration endpoints. Furthermore, Dify Cloud's allowance of unauthenticated free self-registration simplifies account creation for potential attackers.
- Description
- Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
- Source
- disclosure@vulncheck.com
- NVD status
- Modified
- Products
- dify
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-639
- Hype score
- Not currently trending
オープンソースAIワークフロー基盤Dify(GitHubスター14万超、Docker-pulls1,000万超、Volvo・Maersk・Panasonic・Thermo-Fisher等が利用)に「DifyTap」と総称される4件の脆弱性が報告されています。うち3件はクロステナント(
@MalwareBibleJP
26 Jun 2026
1032 Impressions
1 Retweet
6 Likes
1 Bookmark
0 Replies
0 Quotes
AIワークフロー基盤Difyで複数の重大脆弱性が見つかり、他テナントの機密データへアクセスできる可能性が明らかになった。影響は100万以上のアプリに及ぶ可能性があり、AIチャットやRAG基盤で利用される環
@yousukezan
23 Jun 2026
3770 Impressions
19 Retweets
32 Likes
21 Bookmarks
0 Replies
0 Quotes
Difyでテナント跨ぎでデータが漏洩する脆弱性群DifyTapについて。CVE-2024-5846、CVE-2026-41947、CVE-2026-41948、CVE-2026-41949、CVE-2026-41950。CVE-2026-41948は未修正。それ以外はバージョン1.14.2で修正。 https://t.co/r21ymejfZL
@__kokumoto
23 Jun 2026
797 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical - Multiple Dify Vulnerabilities (CVE-2026-41947, CVE-2026-41948) Dify <= 1.14.1 is affected by critical authorization bypass and path traversal vulnerabilities that could allow authenticated attackers to access internal plugin daemon endpoints and redirect
@UpwindMDR
18 May 2026
64 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A125CFA5-D056-4A11-8EE1-0B5FC5628CF3",
"versionEndIncluding": "1.14.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]