Description
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencoded dot sequences in task identifiers or manipulated filename parameters to access internal endpoints such as debug interfaces, requiring only knowledge of the victim tenant's UUID. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
Published: 2026-05-18
Score: 9.2 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dify version 1.14.1 and earlier contain a path traversal flaw that lets authenticated users manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. The vulnerability enables traversal out of the tenant's authorized directory through unencoded dot sequences in task identifiers or manipulated filename parameters, granting access to internal endpoints such as debug interfaces. This can lead to unauthorized data disclosure or execution of privileged operations within the application.

Affected Systems

The affected product is Dify by LangGenius, version 1.14.1 and earlier. The issue is present in all deployments using these releases, including the cloud offering where free user registration is permitted.

Risk and Exploitability

With a CVSS score of 9.2, the flaw is considered very severe. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog, but the attack still requires authenticated access to a tenant. Because the cloud service allows unauthenticated account creation, attackers can quickly register, obtain a tenant UUID, and target the vulnerable endpoint. The vulnerability is exploitable without additional software or infrastructure, making it a high-priority risk for any Dify deployment. The missing input validation permits path traversal, which is the core weakness identified as CWE-23.

Generated by OpenCVE AI on May 18, 2026 at 15:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Dify to version 1.14.2 or later to remove the path traversal vulnerability.
  • Implement strict input validation on Plugin Daemon internal API endpoints, rejecting unencoded dot sequences and ensuring the request path remains within the tenant context.
  • Restrict or disable exposed debug interfaces and other sensitive internal endpoints, making them accessible only to privileged admin users.
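The second recommended action above, validating identifiers before they are spliced into a path that is forwarded to an internal API, as an added example in Python. This is illustrative code written for this page, not Dify's own implementation; the internal prefix INTERNAL_BASE and the function names are assumptions.

```python
import posixpath
import re
from typing import Optional
from urllib.parse import unquote

# Hypothetical internal prefix used by this example; not taken from the advisory.
INTERNAL_BASE = "/plugin/tenant"

# A single segment may contain letters, digits, '_', '-', and single dots between
# runs of those characters. ".", "..", "a..b", "/" and "\\" can never match.
_SAFE_SEGMENT = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*")
_UUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def is_safe_segment(value: str) -> bool:
    """True only if value is one non-traversing path component."""
    # Reject percent-encoded input outright: an identifier that changes when
    # decoded (e.g. '%2e%2e') must not be re-interpreted further downstream.
    if unquote(value) != value:
        return False
    return _SAFE_SEGMENT.fullmatch(value) is not None


def build_forward_path(tenant_id: str, task_id: str, filename: str) -> str:
    """Build the internal path for a tenant-scoped resource, or raise ValueError."""
    if _UUID.fullmatch(tenant_id.lower()) is None:
        raise ValueError("tenant_id must be a UUID")
    for name, seg in (("task_id", task_id), ("filename", filename)):
        if not is_safe_segment(seg):
            raise ValueError(f"{name} contains a disallowed path component")
    path = posixpath.join(INTERNAL_BASE, tenant_id, task_id, filename)
    # Defence in depth: after normalisation the path must still sit below this
    # tenant's own prefix, so a gap in the checks above cannot reach another
    # tenant's tree or an unrelated internal endpoint such as a debug interface.
    tenant_root = posixpath.join(INTERNAL_BASE, tenant_id) + "/"
    if not posixpath.normpath(path).startswith(tenant_root):
        raise ValueError("path escapes the tenant prefix")
    return path


def try_build_forward_path(tenant_id: str, task_id: str, filename: str) -> Optional[str]:
    """Same as build_forward_path, but returns None instead of raising."""
    try:
        return build_forward_path(tenant_id, task_id, filename)
    except ValueError:
        return None


if __name__ == "__main__":
    tenant = "123e4567-e89b-12d3-a456-426614174000"  # constructed sample UUID
    print(try_build_forward_path(tenant, "task-1", "output.txt"))
    print(try_build_forward_path(tenant, "../debug", "output.txt"))  # None
```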


Tracking


Advisories

No advisories yet.

History

Mon, 18 May 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 18 May 2026 15:45:00 +0000

Type | Values Removed | Values Added
First Time appeared Langgenius
Langgenius dify
Vendors & Products Langgenius
Langgenius dify

Mon, 18 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description (text identical to the Description at the top of this page)
Title Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access
Weaknesses CWE-23
References
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L'}

cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-18T14:38:57.057Z

Reserved: 2026-04-22T18:50:43.622Z

Link: CVE-2026-41948

Vulnrichment

Updated: 2026-05-18T14:38:50.530Z

NVD

Status : Undergoing Analysis

Published: 2026-05-18T15:16:25.977

Modified: 2026-05-18T17:29:01.030

Link: CVE-2026-41948

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-18T16:00:15Z

Weaknesses