Description
Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
Published: 2026-05-18
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dify up through version 1.14.1 contains an authorization bypass flaw that enables authenticated editor users to modify and activate trace configurations for any application, because the trace configuration endpoints do not verify tenant ownership. By enabling a malicious trace provider, all inbound and outbound messages of the target application are redirected to an attacker‑controlled LLM trace provider, exposing sensitive content. The issue was addressed in version 1.14.2, which restores tenant ownership checks. Dify Cloud additionally permits unauthenticated self‑registration, making it trivial for attackers to create editor accounts and exploit the vulnerability.

Affected Systems

The affected software is langgenius:dify, specifically all releases up to and including version 1.14.1. Any installation that allows editor‑level users to operate the trace configuration endpoints is vulnerable. The issue also applies to Dify Cloud deployments, where free, unauthenticated self‑registration can create editor accounts with little effort.

Risk and Exploitability

The CVSS score of 9.3 marks this vulnerability as critical, while the EPSS score is below 1%. It is not listed in the CISA KEV catalog. Attackers need only register an account (trivial under the free self‑registration model) or use existing editor credentials. By registering a malicious trace provider, the attacker can intercept all payloads in real time, compromising the confidentiality and integrity of user communications. The vulnerability is exploitable remotely via the public API or web interface, with no prior local compromise required.

Generated by OpenCVE AI on May 26, 2026 at 19:10 UTC.
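As an added illustration, not Dify's own code, of the CWE-639 pattern the analysis describes: a trace-configuration update that locates the app by id alone, beside one scoped to the caller's tenant, plus the provider audit the recommended actions call for. The data model, function names and provider URLs are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

@dataclass
class App:
    app_id: str
    tenant_id: str
    trace_provider: Optional[str] = None  # endpoint messages are mirrored to
    tracing_enabled: bool = False

@dataclass
class User:
    tenant_id: str
    role: str  # e.g. "editor"

class Forbidden(Exception):
    pass

def sample_apps() -> Dict[str, App]:
    # Constructed sample data: two tenants, one app each.
    return {"app-victim": App("app-victim", "tenant-A"),
            "app-mine": App("app-mine", "tenant-B")}

def set_trace_config_vulnerable(apps, user: User, app_id: str, provider: str) -> App:
    # CWE-639: the app is located by id alone, so an editor from tenant-B can
    # point tenant-A's app at a provider they control.
    app = apps[app_id]
    app.trace_provider, app.tracing_enabled = provider, True
    return app

def is_authorized(user: User, app: Optional[App]) -> bool:
    # Tenant ownership first, then role; an app outside the caller's tenant is
    # treated exactly like a non-existent one so the response leaks nothing.
    return app is not None and app.tenant_id == user.tenant_id \
        and user.role in ("editor", "owner", "admin")

def set_trace_config_fixed(apps, user: User, app_id: str, provider: str) -> App:
    app = apps.get(app_id)
    if not is_authorized(user, app):
        raise Forbidden("app not found in caller's tenant")
    app.trace_provider, app.tracing_enabled = provider, True
    return app

def audit_trace_providers(apps: Dict[str, App], allowed: Set[str]) -> List[str]:
    """Ids of apps whose enabled trace provider is not on the approved list."""
    return sorted(a.app_id for a in apps.values()
                  if a.tracing_enabled and a.trace_provider not in allowed)
```

The audit function is the post-patch check: any app whose enabled provider is outside the organisation's approved set needs its trace configuration reviewed.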

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of Dify that restores tenant ownership checks on the trace configuration endpoints.
  • If an upgrade is not immediately possible, block or restrict editor users from accessing the trace configuration endpoints using network or application firewall rules.
  • Disable or remove malicious trace provider references from existing applications and audit configuration for any unauthorized LLM trace providers.
  • Consider disabling free, unauthenticated self‑registration on Dify Cloud to limit the creation of new editor accounts until remediation is complete.

Generated by OpenCVE AI on May 26, 2026 at 19:10 UTC.


Advisories

No advisories yet.

History

Tue, 02 Jun 2026 15:30:00 +0000

Type: Metrics (ssvc)
  Values Removed: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}
  Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 26 May 2026 17:00:00 +0000

Type: Description
  Values Removed: Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
  Values Added: Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
Type: Title
  Values Removed: Dify v1.14.1 Authorization Bypass via Trace Configuration Endpoints
  Values Added: Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints
Type: References
Type: Metrics (cvssV3_1)
  Values Removed: {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}
  Values Added: {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}
Type: Metrics (cvssV4_0)
  Values Removed: {'score': 9.1, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}
  Values Added: {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Tue, 19 May 2026 19:30:00 +0000

Type: First Time appeared
  Values Added: Dify; Dify dify
Type: CPEs
  Values Added: cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*
Type: Vendors & Products
  Values Added: Dify; Dify dify

Mon, 18 May 2026 17:30:00 +0000

Type: Metrics (ssvc)
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 18 May 2026 15:45:00 +0000

Type: First Time appeared
  Values Added: Langgenius; Langgenius dify
Type: Vendors & Products
  Values Added: Langgenius; Langgenius dify

Mon, 18 May 2026 14:30:00 +0000

Type: Description
  Values Added: Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to redirect all messages and responses from victim applications to attacker-controlled LLM trace providers. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
Type: Title
  Values Added: Dify v1.14.1 Authorization Bypass via Trace Configuration Endpoints
Type: Weaknesses
  Values Added: CWE-639
Type: References
Type: Metrics (cvssV3_1)
  Values Added: {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}
Type: Metrics (cvssV4_0)
  Values Added: {'score': 9.1, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T13:16:41.149Z

Reserved: 2026-04-22T18:50:43.622Z

Link: CVE-2026-41947

Vulnrichment

Updated: 2026-05-18T16:49:47.794Z

NVD

Status: Modified

Published: 2026-05-18T15:16:25.827

Modified: 2026-05-26T17:16:43.990

Link: CVE-2026-41947

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T19:15:13Z

Weaknesses