

Ethical Hacking News

Awareness and Vigilance: Over 1 Million AI Applications Exposed to Critical Vulnerabilities


Four bugs discovered in the Dify platform pose a significant threat to over 1 million AI applications across various industries. Follow the latest developments in this story at Security Affairs.

  • Four critical bugs have been discovered in the open-source AI platform Dify, posing a threat to over 1 million AI applications.
  • The most severe flaw allows an attacker to create a persistent exfiltration channel without authentication.
  • A critical vulnerability resides in the Plugin Daemon internal service of Dify's plugin system.
  • Two additional flaws involve file access and expose vulnerabilities related to document previewing.
  • Dify ran a vulnerable PDFium binary for over a year before being patched, highlighting similar risks in other AI applications.
  • Organizations should implement WAF rules and regularly update their software to mitigate these risks.



    The world of artificial intelligence (AI) has experienced a significant setback, as four critical bugs have been discovered in an open-source AI platform used by major companies like Volvo and Maersk. The vulnerability, identified as DifyTap, poses a serious threat to the security and integrity of over 1 million AI applications across more than 60 industries.

    Zafran Labs researchers uncovered the four flaws in Dify, a platform that provides tracing and monitoring capabilities for AI models. Two of these vulnerabilities are rated critical in severity, while two others require no authentication at all. The most severe flaw, CVE-2026-41947, allows an attacker to create a persistent exfiltration channel by configuring their own tracing for any application they can access as a client.

    The second critical flaw, CVE-2026-41948, resides in the Plugin Daemon internal service of Dify's plugin system. The researchers discovered two primitives that enable access to arbitrary endpoints within the Plugin Daemon, which can be exploited without logging into the platform. This vulnerability has significant implications for organizations relying on AI applications.

    The remaining two flaws involve file access and expose vulnerabilities related to document previewing. Any console user can view any document in the entire system due to the lack of an ownership check or tenant check. Additionally, a client can attach another user's file UUID to their chat message and prompt a chatbot to read it back, demonstrating the severity of this issue.
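
The missing ownership and tenant checks described above, as an added example that is not Dify's code and not part of the original article: a lookup by ID alone beside a tenant-scoped lookup, plus an ownership check on chat file attachments. Every name, record and the in-memory store are hypothetical.

```python
# Added illustration, not Dify's code: every name and record is hypothetical.
from dataclasses import dataclass

class AccessDenied(Exception):
    """Object is missing or outside the caller's tenant/ownership scope."""

@dataclass(frozen=True)
class Record:
    obj_id: str
    tenant_id: str
    owner_id: str
    body: str

# Constructed sample data: two tenants, one document and one upload each.
DOCUMENTS = {r.obj_id: r for r in (
    Record("doc-a1", "tenant-a", "alice", "Tenant A pricing notes"),
    Record("doc-b1", "tenant-b", "bob", "Tenant B contract draft"))}
FILES = {r.obj_id: r for r in (
    Record("file-a1", "tenant-a", "alice", "Alice's upload"),
    Record("file-b1", "tenant-b", "bob", "Bob's upload"))}

def preview_unscoped(doc_id: str) -> str:
    """Flawed pattern: lookup by ID alone, no ownership or tenant check."""
    return DOCUMENTS[doc_id].body

def preview_scoped(caller_tenant: str, doc_id: str) -> str:
    """Lookup constrained to the caller's tenant. Missing and foreign IDs
    raise the same error, so responses do not reveal which IDs exist."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc.tenant_id != caller_tenant:
        raise AccessDenied("document not found")
    return doc.body

def attach_files(caller_tenant: str, caller_id: str, file_ids: list) -> list:
    """Resolve chat attachments. Any ID the caller does not own rejects the
    whole message before file content can reach the model's context."""
    resolved = []
    for file_id in file_ids:
        rec = FILES.get(file_id)
        if rec is None or rec.tenant_id != caller_tenant or rec.owner_id != caller_id:
            raise AccessDenied("file not found")
        resolved.append(rec)
    return resolved

if __name__ == "__main__":
    print(preview_unscoped("doc-b1"))  # no caller identity is consulted at all
    print(preview_scoped("tenant-a", "doc-a1"))
```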

    Furthermore, Dify ran a vulnerable PDFium binary for over a year and a half before it was patched in version 1.14.2. The researchers emphasize that many AI applications face similar dangers because they parse untrusted file formats, which allows end users to trigger known vulnerabilities in programs like PDFium or ffmpeg.

    To mitigate these risks, it is recommended to implement Web Application Firewall (WAF) rules specifically designed to address CVE-2026-41948. Additionally, organizations should regularly update their software and consider applying sandboxing measures to protect against similar vulnerabilities.

    This incident highlights the importance of security awareness in the rapidly evolving field of AI applications. The severity of these flaws underscores the need for vigilance and proactive measures to prevent data breaches and potential misuse.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Awareness-and-Vigilance-Over-1-Million-AI-Applications-Exposed-to-Critical-Vulnerabilities-ehn.shtml

  • https://securityaffairs.com/194081/hacking/difytap-four-bugs-put-over-1-million-ai-apps-at-risk.html

  • https://cybersecuritynews.com/difytap-flaws-wiretap-ai-data-across-tenants/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-41947

  • https://www.cvedetails.com/cve/CVE-2026-41947/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-41948

  • https://www.cvedetails.com/cve/CVE-2026-41948/


  • Published: Tue Jun 23 13:09:02 2026 by llama3.2 3B Q4_K_M












