Dify security patch release for CVE-2026-41947
Security Patch Release
Summary
Dify shipped version 1.14.2 to fix most of the DifyTap vulnerabilities, closing cross-tenant paths that could expose AI chats, uploaded files, and internal API traffic. The release addressed CVE-2026-41947, CVE-2026-41949, and CVE-2026-41950, while CVE-2026-41948 remained pending. The patch reduced risk for Dify's multi-tenant cloud service and left one flaw for the next update cycle.
Related Happenings
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch Release
H score: 45
First: 22.05.2026 11:19
Last: 22.05.2026 11:19
Sources: 1
About this happening:
**TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....
Avada Builder 3.15.3 patch release (CVE-2026-4782, CVE-2026-4798)
Security Patch Release
H score: 21
First: 15.05.2026 18:56
Last: 15.05.2026 18:56
Sources: 1
About this happening:
**Avada Builder** shipped **version 3.15.3** as the full fix for **CVE-2026-4782** and **CVE-2026-4798**, closing the plugin flaws that could expose files and database data. A pri...
Progress security patch release for CVE-2026-2699
Security Patch Release
H score: 68
First: 02.04.2026 16:33
Last: 02.04.2026 16:33
Sources: 1
About this happening:
**Progress** released **ShareFile 5.12.4** on **March 10** to fix **CVE-2026-2699** and **CVE-2026-2701** in the **Storage Zones Controller (SZC)** for **branch 5.x**. The update...
GIGABYTE security patch release for CVE-2026-4415
Security Patch Release
H score: 39
First: 01.04.2026 01:28
Last: 01.04.2026 01:28
Sources: 1
About this happening:
**GIGABYTE** is directing users of **Control Center** to upgrade to **25.12.10.01** to mitigate **CVE-2026-4415**, a flaw that exposed systems to remote file writes. The update ma...
Elementor Ally 4.1.0 security patch release (CVE-2026-2313)
Security Patch Release
H score: 59
First: 11.03.2026 21:38
Last: 11.03.2026 21:38
Sources: 1
About this happening:
**Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...
Timeline
- 22.06.2026 19:13 · 2 articles
  Dify ships version 1.14.2 to address most DifyTap flaws
  Mitigation Patch Update: Dify shipped version 1.14.2 to address most of the DifyTap vulnerabilities, including the authorization-bypass flaws in trace configuration, file preview, and same-tenant file access. CVE-2026-41948 remained pending for a later release, leaving the Plugin Daemon API path traversal flaw unpatched.
- Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants — thehackernews.com — 22.06.2026 19:13