{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-41947/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.4,"id":"CVE-2026-41947"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Dify","Dify Cloud"],"_cs_severities":["high"],"_cs_tags":["authorization-bypass","privilege-escalation","cve-2026-41947"],"_cs_type":"advisory","_cs_vendors":["Dify"],"content_html":"\u003cp\u003eDify, a platform for building AI-native applications, is vulnerable to an authorization bypass (CVE-2026-41947) affecting version 1.14.1 and prior. Authenticated users with editor privileges can exploit this vulnerability to manipulate trace configurations across different tenants. The vulnerability stems from a lack of tenant ownership verification when setting and enabling trace configurations. A successful exploit allows an attacker to redirect messages and responses from victim applications to attacker-controlled LLM trace providers, effectively intercepting and potentially exfiltrating sensitive data processed by the targeted applications. The Dify Cloud offering allows unauthenticated free self-registration, lowering the barrier to entry for attackers.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker registers an account on Dify Cloud (if using Dify Cloud) or gains editor privileges on a Dify instance.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to the Dify platform using their account credentials.\u003c/li\u003e\n\u003cli\u003eAttacker identifies the target application they wish to monitor by enumerating available applications or through other means.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious API request to set the trace configuration for the target application. The request specifies an attacker-controlled LLM trace provider endpoint.\u003c/li\u003e\n\u003cli\u003eThe trace configuration endpoint lacks proper tenant ownership checks, allowing the attacker to modify the configuration of the target application.\u003c/li\u003e\n\u003cli\u003eAttacker enables the trace configuration for the target application.\u003c/li\u003e\n\u003cli\u003eAll subsequent messages and responses from the victim application are redirected to the attacker-controlled LLM trace provider.\u003c/li\u003e\n\u003cli\u003eAttacker intercepts and analyzes the redirected messages to extract sensitive information.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41947 can lead to unauthorized access to sensitive information processed by Dify applications. An attacker can intercept application messages and responses, potentially exposing confidential data, intellectual property, or personally identifiable information (PII). The severity of the impact depends on the nature of the data handled by the compromised applications, but the vulnerability could affect all Dify users.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the necessary patches or upgrade to a version of Dify beyond 1.14.1 to remediate CVE-2026-41947.\u003c/li\u003e\n\u003cli\u003eImplement the \u0026ldquo;Detect Dify Unauthorized Trace Configuration Change\u0026rdquo; Sigma rule to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement the \u0026ldquo;Detect Dify Trace Configuration Creation to External Host\u0026rdquo; Sigma rule to identify creation of traces that lead to external endpoints.\u003c/li\u003e\n\u003cli\u003eReview and restrict editor privileges to only those users who require them, minimizing the attack surface.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-18T15:17:04Z","date_published":"2026-05-18T15:17:04Z","id":"https://feed.craftedsignal.io/briefs/2026-05-dify-auth-bypass/","summary":"Dify version 1.14.1 and prior contains an authorization bypass vulnerability (CVE-2026-41947) that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership, potentially leading to information disclosure by redirecting application messages to attacker-controlled LLM trace providers.","title":"Dify Authorization Bypass Vulnerability (CVE-2026-41947)","url":"https://feed.craftedsignal.io/briefs/2026-05-dify-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-41947","version":"https://jsonfeed.org/version/1.1"}