Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-41948

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencoded dot sequences in task identifiers or manipulated filename parameters to access internal endpoints such as debug interfaces, requiring only knowledge of the victim tenant's UUID. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.4%
CVSS Severity
CVSS v3 Score 9.4
Products affected by CVE-2026-41948
  • Dify » Dify » Version: N/A
    cpe:2.3:a:dify:dify:-
  • Dify » Dify » Version: 0.10.0
    cpe:2.3:a:dify:dify:0.10.0
  • Dify » Dify » Version: 0.10.1
    cpe:2.3:a:dify:dify:0.10.1
  • Dify » Dify » Version: 0.10.2
    cpe:2.3:a:dify:dify:0.10.2
  • Dify » Dify » Version: 0.11.0
    cpe:2.3:a:dify:dify:0.11.0
  • Dify » Dify » Version: 0.11.1
    cpe:2.3:a:dify:dify:0.11.1
  • Dify » Dify » Version: 0.11.2
    cpe:2.3:a:dify:dify:0.11.2
  • Dify » Dify » Version: 0.12.0
    cpe:2.3:a:dify:dify:0.12.0
  • Dify » Dify » Version: 0.12.1
    cpe:2.3:a:dify:dify:0.12.1
  • Dify » Dify » Version: 0.13.0
    cpe:2.3:a:dify:dify:0.13.0
  • Dify » Dify » Version: 0.13.1
    cpe:2.3:a:dify:dify:0.13.1
  • Dify » Dify » Version: 0.13.2
    cpe:2.3:a:dify:dify:0.13.2
  • Dify » Dify » Version: 0.14.0
    cpe:2.3:a:dify:dify:0.14.0
  • Dify » Dify » Version: 0.14.1
    cpe:2.3:a:dify:dify:0.14.1
  • Dify » Dify » Version: 0.14.2
    cpe:2.3:a:dify:dify:0.14.2
  • Dify » Dify » Version: 0.15.0
    cpe:2.3:a:dify:dify:0.15.0
  • Dify » Dify » Version: 0.15.1
    cpe:2.3:a:dify:dify:0.15.1
  • Dify » Dify » Version: 0.15.2
    cpe:2.3:a:dify:dify:0.15.2
  • Dify » Dify » Version: 0.15.3
    cpe:2.3:a:dify:dify:0.15.3
  • Dify » Dify » Version: 0.15.4
    cpe:2.3:a:dify:dify:0.15.4
  • Dify » Dify » Version: 0.15.5
    cpe:2.3:a:dify:dify:0.15.5
  • Dify » Dify » Version: 0.15.6
    cpe:2.3:a:dify:dify:0.15.6
  • Dify » Dify » Version: 0.15.7
    cpe:2.3:a:dify:dify:0.15.7
  • Dify » Dify » Version: 0.15.8
    cpe:2.3:a:dify:dify:0.15.8
  • Dify » Dify » Version: 0.2.1
    cpe:2.3:a:dify:dify:0.2.1
  • Dify » Dify » Version: 0.2.2
    cpe:2.3:a:dify:dify:0.2.2
  • Dify » Dify » Version: 0.3.0
    cpe:2.3:a:dify:dify:0.3.0
  • Dify » Dify » Version: 0.3.1
    cpe:2.3:a:dify:dify:0.3.1
  • Dify » Dify » Version: 0.3.10
    cpe:2.3:a:dify:dify:0.3.10
  • Dify » Dify » Version: 0.3.11
    cpe:2.3:a:dify:dify:0.3.11
  • Dify » Dify » Version: 0.3.12
    cpe:2.3:a:dify:dify:0.3.12
  • Dify » Dify » Version: 0.3.13
    cpe:2.3:a:dify:dify:0.3.13
  • Dify » Dify » Version: 0.3.14
    cpe:2.3:a:dify:dify:0.3.14
  • Dify » Dify » Version: 0.3.15
    cpe:2.3:a:dify:dify:0.3.15
  • Dify » Dify » Version: 0.3.16
    cpe:2.3:a:dify:dify:0.3.16
  • Dify » Dify » Version: 0.3.17
    cpe:2.3:a:dify:dify:0.3.17
  • Dify » Dify » Version: 0.3.18
    cpe:2.3:a:dify:dify:0.3.18
  • Dify » Dify » Version: 0.3.19
    cpe:2.3:a:dify:dify:0.3.19
  • Dify » Dify » Version: 0.3.2
    cpe:2.3:a:dify:dify:0.3.2
  • Dify » Dify » Version: 0.3.20
    cpe:2.3:a:dify:dify:0.3.20
  • Dify » Dify » Version: 0.3.21
    cpe:2.3:a:dify:dify:0.3.21
  • Dify » Dify » Version: 0.3.22
    cpe:2.3:a:dify:dify:0.3.22
  • Dify » Dify » Version: 0.3.23
    cpe:2.3:a:dify:dify:0.3.23
  • Dify » Dify » Version: 0.3.24
    cpe:2.3:a:dify:dify:0.3.24
  • Dify » Dify » Version: 0.3.25
    cpe:2.3:a:dify:dify:0.3.25
  • Dify » Dify » Version: 0.3.26
    cpe:2.3:a:dify:dify:0.3.26
  • Dify » Dify » Version: 0.3.27
    cpe:2.3:a:dify:dify:0.3.27
  • Dify » Dify » Version: 0.3.28
    cpe:2.3:a:dify:dify:0.3.28
  • Dify » Dify » Version: 0.3.29
    cpe:2.3:a:dify:dify:0.3.29
  • Dify » Dify » Version: 0.3.3
    cpe:2.3:a:dify:dify:0.3.3
  • Dify » Dify » Version: 0.3.30
    cpe:2.3:a:dify:dify:0.3.30
  • Dify » Dify » Version: 0.3.31
    cpe:2.3:a:dify:dify:0.3.31
  • Dify » Dify » Version: 0.3.32
    cpe:2.3:a:dify:dify:0.3.32
  • Dify » Dify » Version: 0.3.33
    cpe:2.3:a:dify:dify:0.3.33
  • Dify » Dify » Version: 0.3.34
    cpe:2.3:a:dify:dify:0.3.34
  • Dify » Dify » Version: 0.3.4
    cpe:2.3:a:dify:dify:0.3.4
  • Dify » Dify » Version: 0.3.5
    cpe:2.3:a:dify:dify:0.3.5
  • Dify » Dify » Version: 0.3.6
    cpe:2.3:a:dify:dify:0.3.6
  • Dify » Dify » Version: 0.3.7
    cpe:2.3:a:dify:dify:0.3.7
  • Dify » Dify » Version: 0.3.8
    cpe:2.3:a:dify:dify:0.3.8
  • Dify » Dify » Version: 0.3.9
    cpe:2.3:a:dify:dify:0.3.9
  • Dify » Dify » Version: 0.4.0
    cpe:2.3:a:dify:dify:0.4.0
  • Dify » Dify » Version: 0.4.1
    cpe:2.3:a:dify:dify:0.4.1
  • Dify » Dify » Version: 0.4.2
    cpe:2.3:a:dify:dify:0.4.2
  • Dify » Dify » Version: 0.4.3
    cpe:2.3:a:dify:dify:0.4.3
  • Dify » Dify » Version: 0.4.4
    cpe:2.3:a:dify:dify:0.4.4
  • Dify » Dify » Version: 0.4.5
    cpe:2.3:a:dify:dify:0.4.5
  • Dify » Dify » Version: 0.4.6
    cpe:2.3:a:dify:dify:0.4.6
  • Dify » Dify » Version: 0.4.7
    cpe:2.3:a:dify:dify:0.4.7
  • Dify » Dify » Version: 0.4.8
    cpe:2.3:a:dify:dify:0.4.8
  • Dify » Dify » Version: 0.4.9
    cpe:2.3:a:dify:dify:0.4.9
  • Dify » Dify » Version: 0.5.0
    cpe:2.3:a:dify:dify:0.5.0
  • Dify » Dify » Version: 0.5.1
    cpe:2.3:a:dify:dify:0.5.1
  • Dify » Dify » Version: 0.5.10
    cpe:2.3:a:dify:dify:0.5.10
  • Dify » Dify » Version: 0.5.11
    cpe:2.3:a:dify:dify:0.5.11
  • Dify » Dify » Version: 0.5.2
    cpe:2.3:a:dify:dify:0.5.2
  • Dify » Dify » Version: 0.5.3
    cpe:2.3:a:dify:dify:0.5.3
  • Dify » Dify » Version: 0.5.4
    cpe:2.3:a:dify:dify:0.5.4
  • Dify » Dify » Version: 0.5.5
    cpe:2.3:a:dify:dify:0.5.5
  • Dify » Dify » Version: 0.5.6
    cpe:2.3:a:dify:dify:0.5.6
  • Dify » Dify » Version: 0.5.7
    cpe:2.3:a:dify:dify:0.5.7
  • Dify » Dify » Version: 0.5.8
    cpe:2.3:a:dify:dify:0.5.8
  • Dify » Dify » Version: 0.5.9
    cpe:2.3:a:dify:dify:0.5.9
  • Dify » Dify » Version: 0.6.0
    cpe:2.3:a:dify:dify:0.6.0
  • Dify » Dify » Version: 0.6.1
    cpe:2.3:a:dify:dify:0.6.1
  • Dify » Dify » Version: 0.6.10
    cpe:2.3:a:dify:dify:0.6.10
  • Dify » Dify » Version: 0.6.11
    cpe:2.3:a:dify:dify:0.6.11
  • Dify » Dify » Version: 0.6.12
    cpe:2.3:a:dify:dify:0.6.12
  • Dify » Dify » Version: 0.6.13
    cpe:2.3:a:dify:dify:0.6.13
  • Dify » Dify » Version: 0.6.14
    cpe:2.3:a:dify:dify:0.6.14
  • Dify » Dify » Version: 0.6.15
    cpe:2.3:a:dify:dify:0.6.15
  • Dify » Dify » Version: 0.6.16
    cpe:2.3:a:dify:dify:0.6.16
  • Dify » Dify » Version: 0.6.2
    cpe:2.3:a:dify:dify:0.6.2
  • Dify » Dify » Version: 0.6.3
    cpe:2.3:a:dify:dify:0.6.3
  • Dify » Dify » Version: 0.6.4
    cpe:2.3:a:dify:dify:0.6.4
  • Dify » Dify » Version: 0.6.5
    cpe:2.3:a:dify:dify:0.6.5
  • Dify » Dify » Version: 0.6.6
    cpe:2.3:a:dify:dify:0.6.6
  • Dify » Dify » Version: 0.6.7
    cpe:2.3:a:dify:dify:0.6.7
  • Dify » Dify » Version: 0.6.8
    cpe:2.3:a:dify:dify:0.6.8
  • Dify » Dify » Version: 0.6.9
    cpe:2.3:a:dify:dify:0.6.9
  • Dify » Dify » Version: 0.7.0
    cpe:2.3:a:dify:dify:0.7.0
  • Dify » Dify » Version: 0.7.1
    cpe:2.3:a:dify:dify:0.7.1
  • Dify » Dify » Version: 0.7.2
    cpe:2.3:a:dify:dify:0.7.2
  • Dify » Dify » Version: 0.7.3
    cpe:2.3:a:dify:dify:0.7.3
  • Dify » Dify » Version: 0.8.0
    cpe:2.3:a:dify:dify:0.8.0
  • Dify » Dify » Version: 0.8.1
    cpe:2.3:a:dify:dify:0.8.1
  • Dify » Dify » Version: 0.8.2
    cpe:2.3:a:dify:dify:0.8.2
  • Dify » Dify » Version: 0.8.3
    cpe:2.3:a:dify:dify:0.8.3
  • Dify » Dify » Version: 0.9.0
    cpe:2.3:a:dify:dify:0.9.0
  • Dify » Dify » Version: 0.9.1
    cpe:2.3:a:dify:dify:0.9.1
  • Dify » Dify » Version: 0.9.2
    cpe:2.3:a:dify:dify:0.9.2
  • Dify » Dify » Version: 1.0.0
    cpe:2.3:a:dify:dify:1.0.0
  • Dify » Dify » Version: 1.0.1
    cpe:2.3:a:dify:dify:1.0.1
  • Dify » Dify » Version: 1.1.0
    cpe:2.3:a:dify:dify:1.1.0
  • Dify » Dify » Version: 1.1.1
    cpe:2.3:a:dify:dify:1.1.1
  • Dify » Dify » Version: 1.1.2
    cpe:2.3:a:dify:dify:1.1.2
  • Dify » Dify » Version: 1.1.3
    cpe:2.3:a:dify:dify:1.1.3
  • Dify » Dify » Version: 1.10.0
    cpe:2.3:a:dify:dify:1.10.0
  • Dify » Dify » Version: 1.10.1
    cpe:2.3:a:dify:dify:1.10.1
  • Dify » Dify » Version: 1.11.1
    cpe:2.3:a:dify:dify:1.11.1
  • Dify » Dify » Version: 1.11.2
    cpe:2.3:a:dify:dify:1.11.2
  • Dify » Dify » Version: 1.11.3
    cpe:2.3:a:dify:dify:1.11.3
  • Dify » Dify » Version: 1.11.4
    cpe:2.3:a:dify:dify:1.11.4
  • Dify » Dify » Version: 1.12.0
    cpe:2.3:a:dify:dify:1.12.0
  • Dify » Dify » Version: 1.12.1
    cpe:2.3:a:dify:dify:1.12.1
  • Dify » Dify » Version: 1.13.0
    cpe:2.3:a:dify:dify:1.13.0
  • Dify » Dify » Version: 1.2.0
    cpe:2.3:a:dify:dify:1.2.0
  • Dify » Dify » Version: 1.3.0
    cpe:2.3:a:dify:dify:1.3.0
  • Dify » Dify » Version: 1.3.1
    cpe:2.3:a:dify:dify:1.3.1
  • Dify » Dify » Version: 1.4.0
    cpe:2.3:a:dify:dify:1.4.0
  • Dify » Dify » Version: 1.4.1
    cpe:2.3:a:dify:dify:1.4.1
  • Dify » Dify » Version: 1.4.2
    cpe:2.3:a:dify:dify:1.4.2
  • Dify » Dify » Version: 1.4.3
    cpe:2.3:a:dify:dify:1.4.3
  • Dify » Dify » Version: 1.5.0
    cpe:2.3:a:dify:dify:1.5.0
  • Dify » Dify » Version: 1.5.1
    cpe:2.3:a:dify:dify:1.5.1
  • Dify » Dify » Version: 1.6.0
    cpe:2.3:a:dify:dify:1.6.0
  • Dify » Dify » Version: 1.7.0
    cpe:2.3:a:dify:dify:1.7.0
  • Dify » Dify » Version: 1.7.1
    cpe:2.3:a:dify:dify:1.7.1
  • Dify » Dify » Version: 1.7.2
    cpe:2.3:a:dify:dify:1.7.2
  • Dify » Dify » Version: 1.8.0
    cpe:2.3:a:dify:dify:1.8.0
  • Dify » Dify » Version: 1.8.1
    cpe:2.3:a:dify:dify:1.8.1
  • Dify » Dify » Version: 1.9.0
    cpe:2.3:a:dify:dify:1.9.0
  • Dify » Dify » Version: 1.9.1
    cpe:2.3:a:dify:dify:1.9.1
  • Dify » Dify » Version: 1.9.2
    cpe:2.3:a:dify:dify:1.9.2


Products
Pricing
Contact Us

Shodan ® - All rights reserved