Product
high
threat
Dify Path Traversal Vulnerability (CVE-2026-41948)
2 rules, 1 TTP, 1 CVE
Dify versions 1.14.1 and prior contain a path traversal vulnerability (CVE-2026-41948) that allows authenticated users to manipulate requests to the Plugin Daemon's internal REST API and access internal endpoints by traversing out of their authorized tenant path.
Dify +1
path-traversal
privilege-escalation
cloud
high
advisory
Dify Authorization Bypass Vulnerability (CVE-2026-41947)
2 rules, 1 TTP, 1 CVE
Dify versions 1.14.1 and prior contain an authorization bypass vulnerability (CVE-2026-41947) that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership, potentially leading to information disclosure by redirecting application messages to attacker-controlled LLM trace providers.
Dify +1
authorization-bypass
privilege-escalation
cve-2026-41947