Dify security advisories
2 threat alerts tracking vulnerabilities and security advisories that affect Dify products.
Vulnios continuously monitors Dify CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent Dify security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-41947 — dify — dify
Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownersh
critical | CVE-2026-41947
Critical Vulnerability: CVE-2026-41948 — dify — dify
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficien
critical | CVE-2026-41948