Cybersecurity researchers at Zafran Security have identified a set of vulnerabilities in Dify, a popular open-source AI workflow platform, collectively named 'DifyTap.' These defects, including two critical severity issues, could allow unauthenticated attackers to read private AI conversations and traverse internal APIs across different tenants. The impact is particularly high for Dify's multi-tenant cloud service, where one customer's sensitive data could be exposed to another through cross-tenant internal API calls and document preview leaks.
The vulnerabilities involve a mix of path traversal, authorization bypasses, and the use of outdated libraries like PDFium. One significant flaw (CVE-2026-41947) allows attackers to redirect AI message traces to their own servers, creating a persistent exfiltration channel. Most of these issues have been addressed in Dify version 1.14.2, though a fix for one remaining authorization bypass (CVE-2026-41948) is expected in an upcoming release. Users are encouraged to update their deployments to mitigate these risks.
Top comments (0)