CVE-2026-41948
Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access
Description
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencoded dot sequences in task identifiers or manipulated filename parameters to access internal endpoints such as debug interfaces, requiring only knowledge of the victim tenant's UUID. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
In plain language
AI Worth attentionCVE-2026-41948 is a path-traversal flaw in Dify v1.14.1 and earlier that can let an attacker use a specially crafted request to reach internal Dify features; it’s mainly a risk if someone already has an account in your Dify setup, so you should update and restrict access.
In dify (CVE-2026-41948), a path traversal issue (CWE-23) in the Plugin Daemon internal API routing allows crafted URL paths to escape tenant-scoped paths and access internal endpoints by insufficient URL path sanitization; exploitation requires no special user interaction and does not require authentication according to the core finding, but the patch guidance indicates tenant/route access is part of the trigger conditions.
What to do now
- Check whether you are running dify version 1.14.1 or earlier.
- Confirm whether the Plugin Daemon / plugin internal API endpoints are enabled and reachable from your users or networks.
- Review who has access to your Dify instance (especially any users who could reach the affected API routes).
- Apply the fix referenced by the Dify project (upgrade per the vendor’s release notes that include the referenced pull request).
- Until you can upgrade, restrict network access to Dify (especially the Plugin Daemon and any internal/admin-style endpoints) so only trusted networks/users can reach them.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:HIntegrityA:LAvailabilityWeaknesses
Affected Products
Exploitability
Attack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
1 techniqueReferences
- 29th June – Threat Intelligence Reporten-us·Check Point Research·
- Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Appsen-us·SecurityWeek·
- DifyTap Bugs Let Attackers 'Wiretap' AI Chat Historiesen·Dark Reading· Source-only·
- Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenantsen·The Hacker News· Summary only·
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-41948 and every CVE in our database. Create a free account — no credit card required.
Create Free Account