DifyTap: four cross-tenant flaws hit Dify, one still unpatched
Zafran Security discloses four Dify CVEs (41947–41950). Three patched in 1.14.2; the CVSS-9.4 Plugin Daemon path traversal CVE-2026-41948 remains unfixed at release time.
Zafran Security discloses four Dify CVEs (41947–41950). Three patched in 1.14.2; the CVSS-9.4 Plugin Daemon path traversal CVE-2026-41948 remains unfixed at release time.