Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps

Zafran Security found four vulnerabilities in Dify, a popular open source LLMOps platform, that could let attackers siphon data across tenants in cloud deployments. The flaws, dubbed DifyTap and tracked as CVE-2026-41947, CVE-2026-41948, CVE-2026-41949, and CVE-2026-41950, were patched in Dify version 1.14.2.

Key Points

  • DifyTap exposed four flaws in the Dify platform.
  • The issues could leak data between tenants in multi-tenant deployments.
  • CVE-2026-41947 could let attackers configure tracing for other applications.
  • CVE-2026-41948 could enable arbitrary API access and path traversal in the plugin daemon.
  • CVE-2026-41949 and CVE-2026-41950 could expose files uploaded by other users or tenants.

Read More: https://www.securityweek.com/data-exposure-flaws-threaten-dify-ai-platform-powering-over-1-million-apps/