THREATNOIR
Subscribe
Back to Feed
VulnerabilitiesJun 22, 2026

DifyTap Bugs Let Attackers 'Wiretap' AI Chat Histories

Dify platform bugs allow attackers to access and exfiltrate AI chat histories.

Read at source

Summary

Four critical vulnerabilities have been discovered in Dify, an open-source platform used for building and managing AI applications. These flaws could allow attackers to silently access and steal sensitive data, including chat histories, from users of the platform. The vulnerabilities are being tracked as CVE-2024-28910, CVE-2024-28911, CVE-2024-28912, and CVE-2024-28913, and affect versions prior to 0.6.1.

Indicators of Compromise

  • cve — CVE-2024-28910
  • cve — CVE-2024-28911
  • cve — CVE-2024-28912
  • cve — CVE-2024-28913

Entities

Dify (product)AI application building (technology)