RESEARCHERS from Zafran Labs have identified four vulnerabilities in Dify, an open-source AI platform used by major companies to support over a million applications. The vulnerabilities, collectively referred to as 'DifyTap', include:
1. CVE-2026-41947 (CVSS 9.1) gives attackers unauthorized access to trace system data.
2. CVE-2026-41948 (CVSS 9.4) exposes arbitrary API endpoints without authentication.
3. CVE-2026-41949 and CVE-2026-41950 enable unauthorized access to document files.
One of the vulnerabilities allows any user to retrieve the contents of any document. Notably, Dify also shipped a known-vulnerable version of PDFium for over a year. The researchers stress that these issues reflect broader security shortcomings in AI applications and recommend deploying Web Application Firewall rules to reduce the risk for users still running earlier versions.
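The document-access flaw described above is a missing object-level authorization check: the endpoint returns a document without confirming that the caller is authenticated and entitled to that specific record. The following is an added illustration of that pattern and its fix; it is not Dify's code and makes no claim about how Dify's handler is written. The `Document` store, the user names and the `get_document` / `get_document_unsafe` function names are all constructed for the example.

```python
"""Added example (not Dify's code): a document-retrieval handler written
without an ownership check, beside a hardened version that requires an
authenticated session and verifies the caller owns the requested record.
All names, users and documents below are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Document:
    doc_id: str
    owner_id: str
    body: str


# Constructed in-memory store standing in for the application's database.
DOCS = {
    "doc-1": Document("doc-1", "alice", "alice's notes"),
    "doc-2": Document("doc-2", "bob", "bob's report"),
}


class AuthError(Exception):
    """Raised when no authenticated session is present."""


class Forbidden(Exception):
    """Raised when the caller may not access the requested document."""


def get_document_unsafe(doc_id: str) -> str:
    # Vulnerable pattern: the document id alone selects the record, so any
    # caller who can reach the endpoint reads any document.
    return DOCS[doc_id].body


def get_document(doc_id: str, session_user: Optional[str]) -> str:
    # Hardened pattern: authenticate first, then authorize against the
    # specific object before returning anything.
    if session_user is None:
        raise AuthError("authentication required")
    doc = DOCS.get(doc_id)
    # Treat "missing" and "not yours" identically so the response does not
    # reveal whether a given document id exists.
    if doc is None or doc.owner_id != session_user:
        raise Forbidden("document not found or not permitted")
    return doc.body
```

The hardened handler illustrates two defender-side points: the authorization decision is made per object (owner compared to caller), not just per endpoint, and the error path for a foreign document is indistinguishable from a nonexistent one, which limits enumeration of other tenants' document ids.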