{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/dify/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-41948"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Dify","Dify Cloud"],"_cs_severities":["high"],"_cs_tags":["path-traversal","privilege-escalation","cloud"],"_cs_type":"threat","_cs_vendors":["Dify"],"content_html":"\u003cp\u003eDify, a platform for building AI applications, is vulnerable to a path traversal flaw affecting version 1.14.1 and earlier. This vulnerability, identified as CVE-2026-41948, allows authenticated users to manipulate requests forwarded to the Plugin Daemon\u0026rsquo;s internal REST API. Attackers can exploit insufficient URL path sanitization to traverse out of their authorized tenant path using unencoded dot sequences (../) in task identifiers or manipulated filename parameters. This enables access to internal endpoints, including debug interfaces.  Notably, Dify Cloud\u0026rsquo;s free self-registration feature lowers the barrier to entry, as attackers can trivially create accounts to probe and exploit the vulnerability, only requiring knowledge of the victim tenant\u0026rsquo;s UUID. This could lead to sensitive information disclosure or unauthorized modifications within the Dify environment.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker registers a free account on Dify Cloud.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the UUID of a target tenant within Dify Cloud.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious request to the Plugin Daemon\u0026rsquo;s internal REST API, embedding a path traversal sequence (e.g., \u003ccode\u003e../\u003c/code\u003e) in a task identifier or filename parameter.\u003c/li\u003e\n\u003cli\u003eThe crafted request bypasses URL path sanitization due to insufficient validation of dot sequences.\u003c/li\u003e\n\u003cli\u003eThe request is forwarded to an internal endpoint outside of the attacker\u0026rsquo;s authorized tenant path.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to internal endpoints, such as debug interfaces.\u003c/li\u003e\n\u003cli\u003eAttacker leverages access to internal endpoints to gather sensitive information about the target tenant or the Dify Cloud infrastructure.\u003c/li\u003e\n\u003cli\u003eAttacker escalates privileges or performs unauthorized actions based on the gained information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41948 allows attackers to bypass tenant isolation within Dify environments. This can lead to the disclosure of sensitive information, such as API keys, internal configurations, or user data, from other tenants. The vulnerability could also allow attackers to perform unauthorized actions, such as modifying configurations or deploying malicious plugins, potentially impacting multiple users of the platform. Given that Dify Cloud offers free self-registration, the barrier to entry for exploitation is low, increasing the potential scope of impact.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Dify to a version patched against CVE-2026-41948 to remediate the path traversal vulnerability.\u003c/li\u003e\n\u003cli\u003eImplement robust input validation and sanitization on URL paths within the Plugin Daemon\u0026rsquo;s internal REST API to prevent path traversal attacks.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests containing path traversal sequences (e.g., \u003ccode\u003e../\u003c/code\u003e) in URLs targeting the Plugin Daemon\u0026rsquo;s API, using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eReview and restrict access to internal endpoints to minimize the potential impact of unauthorized access.\u003c/li\u003e\n\u003cli\u003eImplement strict tenant isolation policies and regularly audit access controls to prevent cross-tenant access.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-18T15:17:16Z","date_published":"2026-05-18T15:17:16Z","id":"https://feed.craftedsignal.io/briefs/2026-05-dify-path-traversal/","summary":"Dify version 1.14.1 and prior contain a path traversal vulnerability (CVE-2026-41948) that allows authenticated users to manipulate requests to the Plugin Daemon's internal REST API and access internal endpoints by traversing out of their authorized tenant path.","title":"Dify Path Traversal Vulnerability (CVE-2026-41948)","url":"https://feed.craftedsignal.io/briefs/2026-05-dify-path-traversal/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.4,"id":"CVE-2026-41947"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Dify","Dify Cloud"],"_cs_severities":["high"],"_cs_tags":["authorization-bypass","privilege-escalation","cve-2026-41947"],"_cs_type":"advisory","_cs_vendors":["Dify"],"content_html":"\u003cp\u003eDify, a platform for building AI-native applications, is vulnerable to an authorization bypass (CVE-2026-41947) affecting version 1.14.1 and prior. Authenticated users with editor privileges can exploit this vulnerability to manipulate trace configurations across different tenants. The vulnerability stems from a lack of tenant ownership verification when setting and enabling trace configurations. A successful exploit allows an attacker to redirect messages and responses from victim applications to attacker-controlled LLM trace providers, effectively intercepting and potentially exfiltrating sensitive data processed by the targeted applications. The Dify Cloud offering allows unauthenticated free self-registration, lowering the barrier to entry for attackers.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker registers an account on Dify Cloud (if using Dify Cloud) or gains editor privileges on a Dify instance.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to the Dify platform using their account credentials.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the target application they wish to monitor by enumerating available applications or through other means.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious API request to set the trace configuration for the target application. The request specifies an attacker-controlled LLM trace provider endpoint.\u003c/li\u003e\n\u003cli\u003eThe trace configuration endpoint lacks proper tenant ownership checks, allowing the attacker to modify the configuration of the target application.\u003c/li\u003e\n\u003cli\u003eAttacker enables the trace configuration for the target application.\u003c/li\u003e\n\u003cli\u003eAll subsequent messages and responses from the victim application are redirected to the attacker-controlled LLM trace provider.\u003c/li\u003e\n\u003cli\u003eAttacker intercepts and analyzes the redirected messages to extract sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41947 can lead to unauthorized access to sensitive information processed by Dify applications. An attacker can intercept application messages and responses, potentially exposing confidential data, intellectual property, or personally identifiable information (PII). The severity of the impact depends on the nature of the data handled by the compromised applications, but the vulnerability could affect all Dify users.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the necessary patches or upgrade to a version of Dify beyond 1.14.1 to remediate CVE-2026-41947.\u003c/li\u003e\n\u003cli\u003eImplement the \u0026ldquo;Detect Dify Unauthorized Trace Configuration Change\u0026rdquo; Sigma rule to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement the \u0026ldquo;Detect Dify Trace Configuration Creation to External Host\u0026rdquo; Sigma rule to identify creation of traces that lead to external endpoints.\u003c/li\u003e\n\u003cli\u003eReview and restrict editor privileges to only those users who require them, minimizing the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-18T15:17:04Z","date_published":"2026-05-18T15:17:04Z","id":"https://feed.craftedsignal.io/briefs/2026-05-dify-auth-bypass/","summary":"Dify version 1.14.1 and prior contains an authorization bypass vulnerability (CVE-2026-41947) that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership, potentially leading to information disclosure by redirecting application messages to attacker-controlled LLM trace providers.","title":"Dify Authorization Bypass Vulnerability (CVE-2026-41947)","url":"https://feed.craftedsignal.io/briefs/2026-05-dify-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Dify","version":"https://jsonfeed.org/version/1.1"}