Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to vulnerabilities
CriticalPublic exploit

Authorization bypass in Dify trace configuration endpoints

IdentifiersCVE-2026-41947CWE-639· Authorization Bypass Through…

CVE-2026-41947 affects Dify before version 1.14.2 (including 1.14.1 and prior). The vulnerability is an authorization bypass in Dify's tracing system caused by missing tenant ownership validation in the trace configuration endpoints. An authenticated user with editor-level access can set and enable trace configurations for applications outside their own tenant/workspace. By abusing these endpoints, an attacker can register an attacker-controlled LLM trace provider for a victim application and cause the application's traced traffic to be forwarded externally. Public reporting describes this as a tracing hijack that can be used against any application the attacker can access as a client, including publicly accessible applications in multi-tenant deployments.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows cross-tenant compromise of confidentiality and integrity for affected Dify applications. An attacker can redirect traced application data, including user messages, prompts, chat histories, and model responses, to attacker-controlled infrastructure, creating a persistent exfiltration channel. The flaw enables unauthorized modification of tracing settings on victim applications and can expose sensitive AI workflow data belonging to other customers in shared Dify environments. Available reporting does not indicate a direct availability impact.

Mitigation

If you can’t patch tonight, do this now.

Until patching is completed, restrict access to trace configuration endpoints to trusted administrative paths only, reduce or remove editor access where not strictly required, and closely monitor for changes to tracing providers and trace enablement state. In Dify Cloud or similar environments where account creation is easy, monitor for suspicious newly created accounts and anomalous cross-tenant activity. If possible, disable tracing or outbound connections to unapproved trace backends, and enforce tenant ownership validation through compensating controls such as API gateway or application-layer authorization checks.

Remediation

Patch, then assume compromise.

Upgrade Dify to version 1.14.2 or later, which addresses the missing tenant ownership checks in the trace configuration functionality. After upgrading, review and reset trace configurations for all applications, verify that no unauthorized external trace providers are configured, rotate any credentials or secrets that may have been exposed through traced traffic, and audit logs for suspicious changes to tracing settings or unexpected outbound trace destinations.
PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
DifyDifyapplication
LanggeniusDifyapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

14 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

14 SOURCESView more in app
scworldNews
Jun 23, 2026
4 vulnerabilities in Dify expose cross-tenant data | brief | SC Media

A critical unauthenticated vulnerability in Dify's tracing system that allows persistent exfiltration of messages and responses from accessible applications.

Read more
security affairsNews
Jun 23, 2026
DifyTap: Four Bugs Put over 1 million AI Apps at Risk - Security Affairs

A critical vulnerability in Dify’s tracing system that allows an attacker to configure tracing on accessible applications and create a persistent exfiltration channel for messages and model responses, enabling cross-tenant data exposure.

Read more
security weekNews
Jun 23, 2026
Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps - SecurityWeek

A critical cross-tenant data exposure vulnerability in Dify’s tracing functionality that allows a Dify console user to configure tracing for other applications and create a persistent exfiltration channel for messages and responses.

Read more
cyber security newsNews
Jun 23, 2026
DifyTap Flaws Allow Attackers to Wiretap AI Data Across Tenants - 1M+ Apps Impacted

A critical Dify vulnerability enabling cross-tenant data exposure in multi-tenant cloud deployments.

Read more
+3 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity7

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-41947
NVD
nvd.nist.gov/vuln/detail/CVE-2026-41947
MITRE CWE · CWE-639
Authorization Bypass Through User-Controlled Key
Patch
github.com/langgenius/dify/pull/35793
Third Party Advisory
huntr.com/bounties/a43076b2-fbc8-4750-9647-89a036b52f52
Third Party Advisory
vulncheck.com/advisories/dify-authorization-bypass-via-trace-configuration-endpoints
github.com
github.com/langgenius/dify/commit/55d05fe52de880cd8497df8cea052351c594fad8
github.com
github.com/langgenius/dify/releases/tag/1.14.2