
Dify CVE-2026-41948

EUVD-2026-30771 | CRITICAL
Relative Path Traversal (CWE-23)
2026-05-18 | VulnCheck | GHSA-h666-98mq-949j
CVSS 4.0 base score: 9.3

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Safety (supplemental metric S, CVSS 4.0 has no Scope metric): Not Defined (X)

Lifecycle Timeline (7 events)

May 26, 2026 17:22 (NVD): CVSS changed, 9.2 (CRITICAL) to 9.3 (CRITICAL)
May 18, 2026 15:28 (vuln.today): Analysis updated, v2 (cvss_changed)
May 18, 2026 15:22 (vuln.today): Re-analysis queued (cvss_changed)
May 18, 2026 15:22 (NVD): Severity changed, HIGH to CRITICAL
May 18, 2026 15:22 (NVD): CVSS changed, 7.7 (HIGH) to 9.2 (CRITICAL)
May 18, 2026 15:00 (vuln.today): Source code evidence fetched
May 18, 2026 15:00 (vuln.today): Analysis generated

Description (NVD)

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencoded dot sequences in task identifiers or manipulated filename parameters to access internal endpoints such as debug interfaces, requiring only knowledge of the victim tenant's UUID. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.

Analysis (AI)

Path traversal in all Dify versions up to and including 1.14.1 allows authenticated tenants to escape their authorized tenant path and reach the Plugin Daemon's internal REST API, including debug interfaces, by smuggling unencoded dot sequences through task identifiers or filename parameters. Because Dify Cloud permits unauthenticated free self-registration, the authentication barrier collapses to trivial account creation, and publicly available exploit code exists; the attacker needs only the victim tenant's UUID to pivot. …
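The description and analysis above both come down to one mechanism: a forwarder concatenates a caller-supplied identifier into a tenant-scoped path, and the receiving router collapses the dot segments before matching a handler. The following is an added example written for this page; it is not Dify's or the Plugin Daemon's code, and the route layout `/plugin/<tenant>/tasks/<task>`, the `debug/ping` endpoint and the tenant UUIDs are all hypothetical, constructed for the demonstration. It shows the naive builder beside a hardened one (UUID allow-list plus a normalisation check), the cross-tenant pivot that needs only the victim's UUID, and a small log-side detector for dot segments, which goes slightly beyond the specific case the advisory describes.

```python
import re
from posixpath import normpath
from urllib.parse import quote, unquote

# Constructed tenant identifiers for the demonstration (not real Dify data).
TENANT_A = "11111111-1111-4111-8111-111111111111"
TENANT_B = "22222222-2222-4222-8222-222222222222"

# Hypothetical internal route layout: every tenant's requests live under its own prefix.
DAEMON_ROOT = "/plugin"

UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.IGNORECASE
)


def tenant_prefix(tenant_id: str) -> str:
    return f"{DAEMON_ROOT}/{tenant_id}/"


def forward_path_vulnerable(tenant_id: str, task_id: str) -> str:
    """Build the daemon-side path the way a naive forwarder would: plain concatenation.

    The task identifier is trusted as an opaque token, so dot segments pass straight through.
    """
    return f"{tenant_prefix(tenant_id)}tasks/{task_id}"


def daemon_route(path: str) -> str:
    """Model the receiving router collapsing '.' and '..' segments before matching a handler."""
    return normpath(path)


def stays_in_tenant(tenant_id: str, path: str) -> bool:
    """True if the path, as the daemon will interpret it, is still under the tenant's prefix."""
    return daemon_route(path).startswith(tenant_prefix(tenant_id))


def forward_path_hardened(tenant_id: str, task_id: str) -> str:
    """Build the same path, but only from identifiers that match the expected shape.

    Allow-listing the UUID format rejects '..', '/' and percent-encoded variants outright;
    the normalisation check afterwards is defence in depth for any future parameter
    that is less strictly typed.
    """
    for name, value in (("tenant_id", tenant_id), ("task_id", task_id)):
        if not UUID_RE.match(value):
            raise ValueError(f"{name} is not a UUID: {value!r}")
    path = f"{tenant_prefix(tenant_id)}tasks/{quote(task_id, safe='')}"
    if daemon_route(path) != path or not stays_in_tenant(tenant_id, path):
        raise ValueError(f"forwarded path escapes tenant scope: {path!r}")
    return path


def has_dot_segments(raw_path: str) -> bool:
    """Detection helper for access logs: flag any path that contains a '.' or '..' segment
    once percent-encoding is removed. A legitimate UUID-based route never has one."""
    decoded = unquote(unquote(raw_path))  # two rounds catch double encoding
    return any(seg in (".", "..") for seg in decoded.split("/"))


def demo() -> dict:
    """Exercise both forwarders against a traversal payload and a cross-tenant pivot."""
    out = {}
    # 1. Escape the tenant prefix entirely and reach a hypothetical internal endpoint.
    escaped = forward_path_vulnerable(TENANT_A, "../../debug/ping")
    out["escaped_routes_to"] = daemon_route(escaped)
    out["escaped_in_tenant"] = stays_in_tenant(TENANT_A, escaped)
    # 2. Pivot into another tenant's scope, knowing only its UUID.
    pivot = forward_path_vulnerable(TENANT_A, f"../../{TENANT_B}/tasks/abc")
    out["pivot_lands_in_b"] = stays_in_tenant(TENANT_B, pivot)
    # 3. The hardened builder rejects all three payloads and accepts a well-formed task id.
    rejected = []
    for bad in ("../../debug/ping", f"../../{TENANT_B}/tasks/abc", "%2e%2e/%2e%2e/debug"):
        try:
            forward_path_hardened(TENANT_A, bad)
            rejected.append(False)
        except ValueError:
            rejected.append(True)
    out["hardened_rejected"] = rejected
    out["hardened_ok"] = forward_path_hardened(TENANT_A, "33333333-3333-4333-8333-333333333333")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The allow-list is the real fix: a tenant or task identifier that is not a UUID should never reach path construction at all. The `stays_in_tenant` check is worth keeping as a second line of defence because it catches escapes regardless of how the identifier was encoded, and `has_dot_segments` is the same idea turned into a cheap hunting query over proxy or daemon access logs.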


Remediation (AI)

Within 24 hours: determine whether your organization uses Dify (self-hosted or cloud); if so, document all connected data sources and dependent systems. Within 7 days: for self-hosted deployments, disable free registration, restrict Plugin Daemon network access to trusted internal networks only, and audit existing accounts for unauthorized cross-tenant access. …



CVE-2026-41948 vulnerability details – vuln.today
