Dify cross-tenant auth bypass vulnerabilities multiple vulnerabilities path traversal flaw (CVE-2026-41948)
Vulnerability
Summary
Researchers disclosed four Dify vulnerabilities that exposed cross-tenant AI chats, documents, and internal API access on the platform's multi-tenant cloud service. Three of the flaws enabled unauthorized data exposure between customers, and one allowed unauthenticated access to internal Plugin Daemon API paths. Version 1.14.2 fixed all but CVE-2026-41948, with a follow-up fix expected in the next release. The weaknesses created a covert exfiltration path for messages, model responses, and uploaded files.
Related Happenings
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/Mitigation
H score 46
First: 20.02.2026 19:02
Last: 20.02.2026 19:02
Sources 1
About this happening:
CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave
Exploitation Wave
H score 76
First: 12.02.2026 23:34
Last: 12.02.2026 23:34
Sources 1
About this happening:
**CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access** is now seeing **first in-the-wild exploitation**, putting exposed appliances at risk of remote...
Google Chrome CVE-2025-2783 active exploitation wave
Exploitation Wave
H score 41
First: 28.10.2025 10:22
Last: 28.10.2025 10:22
Sources 1
About this happening:
**CVE-2025-2783** is being actively exploited in **Google Chrome** against organizations in **Russia and Belarus**, creating sandbox-escape and payload-delivery risk for exposed b...
Latest development: 17.12.2025 16:54
Kaspersky described a new Operation ForumTroll phishing wave targeting scholars in political science, international relations, and global economics at major Russian universities and research institutions with fake eLibrary emails from support@e-library[.]wiki, one-time links, and ZIP archives named <LastName>_<FirstName>_<Patronymic>.zip that run a LNK and PowerShell chain to fetch a DLL and deploy Tuoni for remote access.
Timeline
- 22.06.2026 19:13 · 2 articles
Researchers disclose DifyTap vulnerabilities in Dify
Initial Disclosure: Researchers disclosed DifyTap, a set of four vulnerabilities in Dify's multi-tenant cloud service that could let attackers read private AI chats, abuse the internal Plugin Daemon API, and leak uploaded files across tenants; all but CVE-2026-41948 were addressed in version 1.14.2, with a fix for the remaining flaw expected in the next release.
- Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants — thehackernews.com — 22.06.2026 19:13