Recently disclosed security vulnerabilities in Dify, a widely used platform for building AI workflows, allow data to leak across tenants of a shared deployment and could affect more than a million applications.
Widespread Enterprise Adoption
Dify is an integral part of AI processes for enterprises like Volvo, Maersk, Panasonic, and Thermo Fisher. Its popularity is evidenced by over 140,000 stars on GitHub and more than 10 million pulls from Docker, underscoring its critical role in AI operations.
Investigations by Zafran found tens of thousands of Dify instances reachable from the internet, a large exposed attack surface for anyone looking to exploit these flaws.
Critical Vulnerabilities Identified
The research identified four vulnerabilities, two of them critical: CVE-2026-41947 (CVSS 9.1) and CVE-2026-41948 (CVSS 9.4). Both enable cross-tenant attacks, in which a user of one tenant gains unauthorized access to another tenant's data.
One severe flaw lets an attacker configure tracing on applications they do not own, because the request is accepted without validating ownership; the resulting traces hand the attacker the application's entire chat history. Another critical issue, in the Plugin Daemon service, allows path traversal through crafted requests, bypassing authentication and reaching internal APIs that should never be exposed to a tenant.
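The first flaw is a missing ownership check on a tenant-scoped operation. The following is an added illustration of that bug class beside a hardened version; it is not Dify's code, and the names (App, APPS, TracingRejected, the two handlers, the provider allowlist) and the sample tenants are hypothetical.

```python
"""Tenant-scoped authorization on an 'apply tracing config' operation.

Added illustration, not Dify's code: App, TracingRejected, APPS and the
handler names are hypothetical. It shows the bug class described above
(an app id accepted without checking that the app belongs to the
caller's tenant) next to a hardened version.
"""
from dataclasses import dataclass, field


@dataclass
class App:
    app_id: str
    tenant_id: str
    tracing: dict = field(default_factory=dict)


class TracingRejected(Exception):
    """Raised when the caller may not configure tracing for this app."""


# Constructed sample data: two tenants with one app each.
APPS = {
    "app-a1": App("app-a1", "tenant-A"),
    "app-b1": App("app-b1", "tenant-B"),
}

ALLOWED_PROVIDERS = {"langfuse", "opik"}  # hypothetical allowlist


def configure_tracing_vulnerable(caller_tenant: str, app_id: str, config: dict) -> dict:
    """Resolves the app by id alone; caller_tenant is accepted but never used,
    so tenant-B can point tenant-A's app at a collector tenant-B controls."""
    app = APPS[app_id]
    app.tracing = dict(config)          # stored as-is, no validation either
    return app.tracing


def configure_tracing_hardened(caller_tenant: str, app_id: str, config: dict) -> dict:
    """Resolve the app *within the caller's tenant* and validate the config."""
    app = APPS.get(app_id)
    if app is None or app.tenant_id != caller_tenant:
        # Same error for 'missing' and 'not yours', so app ids in other
        # tenants cannot be enumerated through the difference.
        raise TracingRejected("app not found in this tenant")
    provider = config.get("provider")
    endpoint = str(config.get("endpoint", ""))
    if provider not in ALLOWED_PROVIDERS or not endpoint.startswith("https://"):
        raise TracingRejected("unsupported provider or non-https endpoint")
    app.tracing = {"provider": provider, "endpoint": endpoint}
    return app.tracing


def attempt(handler, caller_tenant: str, app_id: str, config: dict) -> str:
    """Run a handler and summarise the outcome as a string for comparison."""
    try:
        handler(caller_tenant, app_id, config)
        return "applied"
    except TracingRejected:
        return "rejected"


if __name__ == "__main__":
    hostile = {"provider": "langfuse", "endpoint": "https://collector.attacker.invalid"}
    # An attacker in tenant-B targets tenant-A's app with each handler.
    print("vulnerable:", attempt(configure_tracing_vulnerable, "tenant-B", "app-a1", hostile))
    print("hardened:  ", attempt(configure_tracing_hardened, "tenant-B", "app-a1", hostile))
```

The design point is that the hardened handler scopes the lookup by the caller's tenant rather than checking ownership after fetching the record, and it rejects a foreign app id and a non-existent one with the same error. Validating the tracing destination matters too: a tracing config is an exfiltration channel by construction, so the allowed providers and transport should be constrained.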
Steps for Mitigation and Future Outlook
Compounding these issues, Dify shipped an outdated PDFium build vulnerable to CVE-2024-5846 for about 18 months after that flaw was disclosed, a reminder that AI platforms need the same dependency management discipline as any other software.
Dify has released version 1.14.2 to address these vulnerabilities. Security teams should upgrade to that version, deploy WAF rules that catch path traversal attempts (a stopgap, not a substitute for the patch, since encoding tricks can slip past signature-based rules), and keep Dify instances off the public internet wherever possible.
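As an added example of what such a WAF or reverse-proxy rule has to do, and of why a naive "contains `..`" string match is not enough, here is a request-path screen that decodes, canonicalizes and then checks the path against an allowed namespace. It is not Dify's or Zafran's code; `ALLOWED_PREFIXES` and the sample request paths are constructed for illustration, not taken from the advisory.

```python
"""Screen request paths for directory traversal before they reach an
internal service, the way a WAF rule or reverse-proxy filter would.
Added example, not Dify's or Zafran's code; ALLOWED_PREFIXES and the
sample paths are constructed for illustration.
"""
import posixpath
from urllib.parse import unquote

# Hypothetical: the only path namespace the proxy should forward.
ALLOWED_PREFIXES = ("/plugin/api/",)
MAX_DECODE_ROUNDS = 3  # bounded: defeats double encoding without looping forever


def decode_path(raw: str) -> str:
    """Strip the query string, percent-decode until stable, fold '\\' to '/'."""
    path = raw.split("?", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def screen(raw: str) -> str:
    """Return 'block' or 'allow' for one raw request path."""
    path = decode_path(raw)
    if "\x00" in path:
        return "block"  # NUL truncation tricks against the backend
    if any(segment == ".." for segment in path.split("/")):
        return "block"  # a literal parent-directory segment after decoding
    canonical = posixpath.normpath(path)  # collapses '.' and redundant slashes
    if not canonical.startswith(ALLOWED_PREFIXES):
        return "block"  # outside the forwarded namespace
    return "allow"


# Constructed sample requests; comments give the expected verdict.
SAMPLE_REQUESTS = [
    "/plugin/api/v1/health",              # allow
    "/plugin/api/./v1/health",            # allow: '.' collapses inside the prefix
    "/plugin/api/v1/plugins/name..v2",    # allow: '..' inside a name is not a segment
    "/plugin/api/../../admin/internal",   # block: literal traversal
    "/plugin/api/%2e%2e/%2e%2e/admin",    # block: encoded once
    "/plugin/api/%252e%252e/admin",       # block: encoded twice
    "/plugin/api/..%5cadmin",             # block: backslash as separator
    "/plugin/api/v1/%00/secret",          # block: NUL byte
    "/admin/internal",                    # block: outside the namespace
]


def run_samples() -> dict:
    """Map each sample path to its verdict."""
    return {path: screen(path) for path in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for path, verdict in run_samples().items():
        print(f"{verdict:5}  {path}")
```

Two caveats a practitioner will want: this screens only the path, so a service that takes a filename from a query parameter or JSON body needs the same canonicalize-then-check logic applied to that field, and a proxy that decodes bytes differently from the backend (for instance around non-UTF-8 or overlong encodings) can still be desynchronized. The durable fix is the upstream patch; the filter buys time.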
The findings are part of Zafran's "Project DarkSide," which argues that AI infrastructure needs stronger security controls. The project shows how vulnerabilities in the microservice and containerized environments these platforms run on, such as an internal API reachable once one service's authentication is bypassed, fall outside what traditional perimeter-focused security strategies cover.
As AI technology continues to evolve, these vulnerabilities highlight the critical need for secure architecture design and improved visibility throughout AI supply chains.
