CyberSecurityBoardThreat Intel · CVEs · Products
Critical CVEs

CVE-2026-41947: Authorization Bypass in Dify Trace Configurations

June 25, 2026

A critical authorization bypass vulnerability (CVSS 9.1) in Dify that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership, enabling cross-tenant data exfiltration.