Lucene search
K

4 matches found

NVD
NVD
added 2026/05/18 3:16 p.m.12 views

CVE-2026-41948

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

9.4CVSS0.00509EPSS
Exploits1References4
CVE
CVE
added 2026/05/18 1:50 p.m.36 views

CVE-2026-41948

Dify v1.14.1 (and prior) is affected by a path traversal vulnerability in the Plugin Daemon internal API caused by insufficient URL path sanitization. authenticated users can traverse outside their tenant path using unencoded dot sequences in task IDs or manipulated filename parameters to reach i...

9.4CVSS5.8AI score0.00509EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/18 1:50 p.m.8 views

CVE-2026-41948

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

9.2CVSS5.8AI score0.00509EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41675

Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.14.2 Description Authenticated users can manipulate requests forwarded to the Plugin Daemon's internal REST API due to insufficient URL path sanitization. By using unencoded dot sequences in task identifiers or...

9.4CVSS6.1AI score0.00509EPSS
Exploits1References16
Rows per page
Query Builder