CVE-2026-41948
9.4 CRITICAL
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to ...
Published: 2026-05-18 · Last updated: 2026-05-26
Severity and scoring
- CVSS: 9.4 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
- CWE: CWE-23
Affected products
| Vendor | Product |
|---|---|
| dify | dify |
Description
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencoded dot sequences in task identifiers or manipulated filename parameters to access internal endpoints such as debug interfaces, requiring only knowledge of the victim tenant's UUID. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
Source: NVD
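As an added illustration of the mitigation described above (this is not Dify's own code, and the daemon route layout is an assumption): a Python allow-list check for the tenant, task and filename segments before a request is forwarded to an internal daemon, with a path-normalisation check as a second layer so that dot sequences, encoded or not, can never leave the caller's tenant subtree.

```python
import posixpath
import re
from typing import Optional
from urllib.parse import unquote

# Hypothetical internal prefix; the real daemon routes are not given on this page.
DAEMON_BASE = "/plugin"
UUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")
FILENAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def is_single_segment(value: str) -> bool:
    """True only if value is exactly one path segment: no separators, no
    percent-encoding that could later decode into one, and not a dot sequence."""
    if unquote(value) != value:          # "%2e%2e", "%2f", "%00" ... are all rejected
        return False
    if any(c in value for c in "/\\\x00"):
        return False
    return value not in ("", ".", "..")


def build_forward_path(tenant_id: str, task_id: str,
                       filename: Optional[str] = None) -> Optional[str]:
    """Build the daemon path for a tenant-scoped task request.
    Returns None when any caller-controlled segment fails validation."""
    # Identifiers are required to be UUIDs, so anything else is refused outright.
    if not (UUID_RE.fullmatch(tenant_id) and UUID_RE.fullmatch(task_id)):
        return None
    segments = ["tenants", tenant_id, "tasks", task_id]
    if filename is not None:
        # Filenames are free text, so they get the strictest allow-list plus the segment check.
        if not (FILENAME_RE.fullmatch(filename) and is_single_segment(filename)):
            return None
        segments += ["files", filename]
    tenant_prefix = f"{DAEMON_BASE}/tenants/{tenant_id}/"
    candidate = DAEMON_BASE + "/" + "/".join(segments)
    # Defence in depth: normalise and confirm the result never left the tenant's subtree.
    normalised = posixpath.normpath(candidate)
    if not normalised.startswith(tenant_prefix):
        return None
    return normalised
```

The normalisation check is deliberately redundant with the allow-lists: if a future route adds a segment that is not validated, the prefix test still refuses any request that resolves outside the tenant's subtree.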
Related CVEs
Same vendor
- CVE-2026-41949 — Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user... (5.9 MEDIUM)
- CVE-2026-41947 — Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace ... (9.1 CRITICAL)
Same CWE
- CVE-2026-48569 — Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally (7.1 HIGH)
- CVE-2026-47287 — Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network (6.5 MEDIUM)
- CVE-2026-48681 — OpenStack Ironic before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image (5.9 MEDIUM)
- CVE-2026-5422 — A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the _get_os_p... (8.1 HIGH)
- CVE-2026-10074 — DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path ... (4.9 MEDIUM)