[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:data-exposure-flaws-threaten-dify-ai-platform-used-by-1-million-apps-mqskb80a":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":15,"action_required":18,"article_ids":19,"ioc_summary":21,"source_urls":22,"status":24,"expires_at":25,"created_at":26,"updated_at":27,"articles":28},"dc5fefd2-a97a-40a1-8273-65074ef8ae74","Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps","data-exposure-flaws-threaten-dify-ai-platform-used-by-1-million-apps-mqskb80a","Four critical vulnerabilities in the Dify AI platform (including CVE-2026-41947, CVE-2026-41948, CVE-2026-41950) enable unauthorized access to private chats, cross-tenant document theft, and lateral API calls across multi-tenant environments. The platform powers 1 million applications, making this a widespread supply chain risk. Unpatched instances are immediately exploitable.","critical","advisory",[12,13,14],"CVE-2026-41947","CVE-2026-41950","CVE-2026-41948",[16,17],"Dify","Zafran Security","Identify all Dify deployments in your environment. Immediately patch to version 1.14.2 or later. Deploy WAF rules blocking CVE-2026-41948 exploitation vectors on all Dify instances pending patching. Hunt for anomalous cross-tenant API calls and unauthorized document\u002Fchat access in logs.",[20],"6af6bf14-76f6-4c56-be19-8718575a30c1",null,[23],"https:\u002F\u002Fwww.securityweek.com\u002Fdata-exposure-flaws-threaten-dify-ai-platform-powering-over-1-million-apps\u002F","active","2026-06-26T21:05:11.337+00:00","2026-06-24T21:05:19.758219+00:00","2026-06-24T21:09:09.393732+00:00",[29],{"id":20,"title":6,"url":23}]