Description
Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
Published: 2026-05-18
Score: 9.1 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dify up to and including version 1.14.1 has an authorization bypass flaw that lets an authenticated editor set the trace configuration of any application, regardless of which tenant owns it. Once a trace provider is enabled on a victim application, all of its incoming and outgoing messages are redirected to the attacker-controlled LLM trace provider, exposing sensitive content. The vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key): the application identifier supplied by the caller selects the target without any check that the caller is authorized for that application.
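The missing check described above, modelled as an added example (this is not Dify's code; all names, roles and the in-memory store are hypothetical): a vulnerable trace-configuration handler that resolves the application by the caller-supplied id alone, beside a hardened version that resolves it only within the caller's own tenant.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Raised when the caller may not modify the target application."""

@dataclass
class App:
    app_id: str
    tenant_id: str
    trace_config: dict = field(default_factory=dict)

@dataclass
class User:
    user_id: str
    tenant_id: str
    role: str

def make_apps():
    # Constructed sample data: one application in each of two tenants.
    return {"app-a": App("app-a", "tenant-a"), "app-b": App("app-b", "tenant-b")}

def set_trace_config_vulnerable(user, apps, app_id, provider, enabled=True):
    # Role is checked, but the app is resolved by the caller-supplied id alone
    # (CWE-639): an editor in tenant-a can reconfigure tracing on tenant-b's app.
    if user.role != "editor":
        raise Forbidden("editor role required")
    app = apps[app_id]
    app.trace_config = {"provider": provider, "enabled": enabled}
    return app.trace_config

def set_trace_config_fixed(user, apps, app_id, provider, enabled=True):
    # Same role check, plus the app must belong to the caller's own tenant.
    if user.role != "editor":
        raise Forbidden("editor role required")
    app = apps.get(app_id)
    if app is None or app.tenant_id != user.tenant_id:
        # One error for both "missing" and "foreign" apps, so the response
        # does not reveal whether an app id exists in another tenant.
        raise Forbidden("application not found in caller's tenant")
    app.trace_config = {"provider": provider, "enabled": enabled}
    return app.trace_config

def update_succeeds(handler, user, apps, app_id, provider="external-provider"):
    # True if the handler applied the change, False if it refused it.
    try:
        handler(user, apps, app_id, provider)
    except Forbidden:
        return False
    return apps[app_id].trace_config.get("provider") == provider
```

The tenant-scoped lookup is the whole fix: the role check alone never distinguishes the caller's applications from anyone else's.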

Affected Systems

The affected software is langgenius:dify, specifically all releases up to and including version 1.14.1. Any installation that allows editor‑level users to operate the trace configuration endpoints is vulnerable. The issue also applies to Dify Cloud deployments, where free, unauthenticated self‑registration can create editor accounts with little effort.

Risk and Exploitability

The CVSS score of 9.1 marks this vulnerability as critical; no EPSS score is currently available, and it is not listed in the CISA KEV catalog. An attacker needs only an account, obtained through free self-registration on Dify Cloud or by using existing editor credentials. By pointing a victim application at a malicious trace provider, the attacker can intercept all payloads in real time, compromising the confidentiality and integrity of user communications. The vulnerability can be exercised remotely via the public API or web interface, without any prior local access.

Generated by OpenCVE AI on May 18, 2026 at 15:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of Dify that restores tenant ownership checks on the trace configuration endpoints.
  • If an upgrade is not immediately possible, block or restrict editor users from accessing the trace configuration endpoints using network or application firewall rules.
  • Audit the trace configuration of existing applications for unauthorized LLM trace providers, and disable or remove any malicious provider references that are found.
  • Consider disabling free, unauthenticated self-registration on Dify Cloud to limit the creation of new editor accounts until a fix is available.


Advisories

No advisories yet.

History

Mon, 18 May 2026 17:30:00 +0000

  • Type: Metrics
    Values removed: (none)
    Values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 18 May 2026 15:45:00 +0000

  • Type: First Time appeared
    Values removed: (none)
    Values added: Langgenius; Langgenius dify
  • Type: Vendors & Products
    Values removed: (none)
    Values added: Langgenius; Langgenius dify

Mon, 18 May 2026 14:30:00 +0000

  • Type: Description
    Values removed: (none)
    Values added: Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
  • Type: Title
    Values removed: (none)
    Values added: Dify v1.14.1 Authorization Bypass via Trace Configuration Endpoints
  • Type: Weaknesses
    Values removed: (none)
    Values added: CWE-639
  • Type: References
    Values removed: (none)
    Values added: (none listed)
  • Type: Metrics
    Values removed: (none)
    Values added: cvssV3_1 {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}; cvssV4_0 {'score': 9.1, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-18T16:49:52.336Z

Reserved: 2026-04-22T18:50:43.622Z

Link: CVE-2026-41947

Vulnrichment

Updated: 2026-05-18T16:49:47.794Z

NVD

Status: Undergoing Analysis

Published: 2026-05-18T15:16:25.827

Modified: 2026-05-18T17:29:01.030

Link: CVE-2026-41947

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T15:30:28Z

Weaknesses