CVE-2026-41947
Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints
Description
Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
In plain language
AI Worth attentionIn Dify versions before 1.14.2, a signed-in editor user can set tracing for other tenants’ applications, potentially redirecting private messages to an attacker-controlled tracing service—small businesses running Dify should patch because multi-tenant setups are especially exposed.
In dify before 1.14.2, there is an authorization bypass (CWE-639) in Trace configuration endpoints that is triggered by missing tenant ownership checks; an authenticated editor user can configure trace endpoints for any application on the instance, enabling message/response redirection to attacker-controlled LLM trace providers.
What to do now
- Check whether your dify deployment is running a version earlier than 1.14.2.
- Identify whether any accounts with “editor” ability exist that are not strictly limited to trusted staff.
- Upgrade dify to version 1.14.2 or later.
- After upgrading, verify trace settings/trace endpoints are only configured for the intended applications and tenants.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:NAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
- 29th June – Threat Intelligence Reporten-us·Check Point Research·
- Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Appsen-us·SecurityWeek·
- DifyTap Bugs Let Attackers 'Wiretap' AI Chat Historiesen·Dark Reading· Source-only·
- Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenantsen·The Hacker News· Summary only·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-41947 and every CVE in our database. Create a free account — no credit card required.
Create Free Account