DifyTap just turned 1M+ AI apps into wiretaps. Volvo, Maersk, and Panasonic are exposed.

Four vulnerabilities. Two critical. Three cross-tenant.

An attacker can read every private AI conversation your company has ever had on Dify.

Zafran Security found DifyTap — four flaws in Dify, the open-source platform powering 1M+ AI apps across 60+ industries.

CVE-2026-41947 (CVSS 9.1): Attackers hijack Dify's tracing system. They redirect all prompts, responses, and chat histories to their own endpoint. Persistent exfiltration. No detection.

CVE-2026-41948 (CVSS 9.4): Path traversal into Dify's Plugin Daemon. No authentication required. Anyone with network access can hit internal APIs.

Two more flaws let attackers preview documents uploaded by other tenants and leak files across users using nothing but a UUID.

Dify Cloud allows free self-registration. An attacker needs 60 seconds to create an account and start wiretapping.

140,000 GitHub stars. 10 million Docker pulls. Tens of thousands of internet-facing instances. This isn't a niche tool — it's the orchestration layer behind enterprise AI workflows at companies you do business with.

Patch to version 1.14.2 immediately. Deploy WAF rules for CVE-2026-41948. Audit every Dify instance in your environment. If you don't know whether your AI stack touches Dify, that's the vulnerability.

SOURCE: https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps
VERIFIED: Cybersecurity News, SecurityWeek, Dark Reading, Tenable CVE database
SIGNAL: This is the first major cross-tenant AI platform vulnerability. Every CISO running multi-tenant AI infrastructure needs to audit today.