Dify Authorization Bypass (CVE-2026-41947) Exposes LLM Trace Data
The National Vulnerability Database has detailed CVE-2026-41947, an authorization bypass affecting Dify version 1.14.1 and earlier. This vulnerability allows authenticated editor users to configure and activate trace settings for any application, regardless of its true tenant ownership. The core issue lies in missing tenant ownership checks within Dify’s trace configuration endpoints.
Attackers can leverage this flaw to reroute all messages and responses from targeted applications to their own LLM trace providers. This effectively grants them access to sensitive conversation data and application interactions. A critical aspect of this vulnerability is Dify Cloud’s support for unauthenticated, free self-registration, which significantly lowers the barrier for attackers to create accounts and exploit this issue.
With a CVSS score of 7.4 (HIGH), this is a serious concern for any organization utilizing Dify. The ability to redirect LLM traffic to an attacker-controlled endpoint represents a direct path to data exfiltration and intellectual property theft, especially in environments where LLMs process proprietary or sensitive information. Defenders need to understand the implications of this bypass, as it allows for covert data interception without directly compromising the application itself.
What This Means For You
- If your organization uses Dify, especially Dify Cloud, you need to immediately audit your Dify instances for version 1.14.1 or earlier. Prioritize patching to a secured version to mitigate CVE-2026-41947. Furthermore, review all trace configurations for unauthorized changes and monitor LLM traffic for any anomalous external connections or redirects. This isn't just a configuration flaw; it's a critical data interception vector.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Dify Authorization Bypass - Trace Configuration Update - CVE-2026-41947
title: Dify Authorization Bypass - Trace Configuration Update - CVE-2026-41947
id: scw-2026-05-18-ai-1
status: experimental
level: high
description: |
Detects the specific API endpoint used to configure LLM traces in Dify. Exploitation of CVE-2026-41947 involves authenticated editor users (or unauthenticated users on Dify Cloud due to free self-registration) sending POST requests to the '/v1/traces/config' endpoint to bypass tenant ownership checks and redirect trace data to attacker-controlled providers. This rule specifically targets the successful configuration update.
author: SCW Feed Engine (AI-generated)
date: 2026-05-18
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-41947/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/v1/traces/config'
cs-method:
- 'POST'
sc-status:
- '200'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41947 | Auth Bypass | Dify version 1.14.1 and prior |
| CVE-2026-41947 | Auth Bypass | Missing tenant ownership checks in trace configuration endpoints |
| CVE-2026-41947 | Information Disclosure | Redirect all messages and responses from victim applications to attacker-controlled LLM trace providers |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 18, 2026 at 18:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-20240 — Denial of Service
CVE-2026-20240 — In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129,...
Splunk Enterprise, Cloud Vulnerability Exposes Session Cookies, Sensitive Data
CVE-2026-20239 — In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a...
CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged
CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data...