CVE-2026-41947: Authorization Bypass Through User-Controlled Key in langgenius dify
Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
AI Analysis
Technical Summary
CVE-2026-41947 is an authorization bypass vulnerability in langgenius's Dify product (version 1.14.1 and prior). Authenticated users with editor privileges can exploit missing tenant ownership checks in trace configuration endpoints to set and enable trace configurations for applications they do not own. This allows attackers to redirect all messages and responses from victim applications to attacker-controlled large language model (LLM) trace providers. The vulnerability is particularly concerning because Dify Cloud permits unauthenticated free self-registration, making it trivial for attackers to create accounts and exploit this flaw. The vulnerability has a critical CVSS 4.0 score of 9.1, indicating high impact and exploitability, although no known exploits are reported in the wild. There is no vendor advisory or patch information available at this time.
Potential Impact
The vulnerability enables attackers with authenticated editor access to bypass tenant ownership restrictions and redirect sensitive application data to attacker-controlled endpoints. This can lead to unauthorized data exposure and potential manipulation of application responses. The ease of account creation on Dify Cloud increases the risk by allowing attackers to gain the necessary access with minimal effort. The critical CVSS score reflects the high severity of this authorization bypass flaw.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict editor privileges to trusted users only and monitor for suspicious trace configuration changes. Consider disabling or limiting trace configuration features if possible to reduce exposure.
CVE-2026-41947: Authorization Bypass Through User-Controlled Key in langgenius dify
Description
Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-41947 is an authorization bypass vulnerability in langgenius's Dify product (version 1.14.1 and prior). Authenticated users with editor privileges can exploit missing tenant ownership checks in trace configuration endpoints to set and enable trace configurations for applications they do not own. This allows attackers to redirect all messages and responses from victim applications to attacker-controlled large language model (LLM) trace providers. The vulnerability is particularly concerning because Dify Cloud permits unauthenticated free self-registration, making it trivial for attackers to create accounts and exploit this flaw. The vulnerability has a critical CVSS 4.0 score of 9.1, indicating high impact and exploitability, although no known exploits are reported in the wild. There is no vendor advisory or patch information available at this time.
Potential Impact
The vulnerability enables attackers with authenticated editor access to bypass tenant ownership restrictions and redirect sensitive application data to attacker-controlled endpoints. This can lead to unauthorized data exposure and potential manipulation of application responses. The ease of account creation on Dify Cloud increases the risk by allowing attackers to gain the necessary access with minimal effort. The critical CVSS score reflects the high severity of this authorization bypass flaw.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict editor privileges to trusted users only and monitor for suspicious trace configuration changes. Consider disabling or limiting trace configuration features if possible to reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-04-22T18:50:43.622Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0b2098ec166c07b0c69448
Added to database: 5/18/2026, 2:22:16 PM
Last enriched: 5/18/2026, 2:37:02 PM
Last updated: 5/19/2026, 6:19:15 PM
Views: 35
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.