https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Thu, 25 Jun 2026 01:43:35 +0000 https://vulnerability.circl.lu/sighting/31ab4f94-b943-4f20-b53a-d910931d9c8b/export {"uuid": "31ab4f94-b943-4f20-b53a-d910931d9c8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mm5dtbyy3q2o", "content": "CVE-2026-41947 - Dify v1.14.1 Authorization Bypass via Trace Configuration Endpoints\nCVE ID : CVE-2026-41947\n \n Published : May 18, 2026, 3:16 p.m. | 55\u00a0minutes ago\n \n Description : Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authen...", "creation_timestamp": "2026-05-18T16:56:44.810872Z"} {"uuid": "31ab4f94-b943-4f20-b53a-d910931d9c8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mm5dtbyy3q2o", "content": "CVE-2026-41947 - Dify v1.14.1 Authorization Bypass via Trace Configuration Endpoints\nCVE ID : CVE-2026-41947\n \n Published : May 18, 2026, 3:16 p.m. | 55\u00a0minutes ago\n \n Description : Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authen...", "creation_timestamp": "2026-05-18T16:56:44.810872Z"} https://vulnerability.circl.lu/sighting/31ab4f94-b943-4f20-b53a-d910931d9c8b/export Mon, 18 May 2026 16:56:44 +0000 https://vulnerability.circl.lu/sighting/a12c28ee-58bc-4cd6-9c6b-4d7c96db3eeb/export {"uuid": "a12c28ee-58bc-4cd6-9c6b-4d7c96db3eeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41947", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116599714465595162", "content": "\ud83d\udea8 CRITICAL: CVE-2026-41947 in langgenius Dify \u22641.14.1 lets editor users bypass tenant checks, redirecting app messages to attacker LLMs. Free self-registration increases risk. Restrict editor roles & monitor configs. https://radar.offseq.com/threat/cve-2026-41947-authorization-bypass-through-user-c-da35e5dc #OffSeq #CVE202641947 #AppSec", "creation_timestamp": "2026-05-19T06:00:48.759805Z"} {"uuid": "a12c28ee-58bc-4cd6-9c6b-4d7c96db3eeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41947", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116599714465595162", "content": "\ud83d\udea8 CRITICAL: CVE-2026-41947 in langgenius Dify \u22641.14.1 lets editor users bypass tenant checks, redirecting app messages to attacker LLMs. Free self-registration increases risk. Restrict editor roles & monitor configs. https://radar.offseq.com/threat/cve-2026-41947-authorization-bypass-through-user-c-da35e5dc #OffSeq #CVE202641947 #AppSec", "creation_timestamp": "2026-05-19T06:00:48.759805Z"} https://vulnerability.circl.lu/sighting/a12c28ee-58bc-4cd6-9c6b-4d7c96db3eeb/export Tue, 19 May 2026 06:00:48 +0000 https://vulnerability.circl.lu/sighting/55597ebc-db70-4ebf-97d9-2d90e37ae9a9/export {"uuid": "55597ebc-db70-4ebf-97d9-2d90e37ae9a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mnuxvice4k2o", "content": "LLM\u30a2\u30d7\u30ea\u958b\u767a\u57fa\u76e4\u300cDify\u300d\u306b\u8907\u6570\u306e\u30af\u30ea\u30c6\u30a3\u30ab\u30eb\u8106\u5f31\u6027\n\n\u5927\u898f\u6a21\u8a00\u8a9e\u30e2\u30c7\u30eb\uff08LLM\uff09\u30a2\u30d7\u30ea\u958b\u767a\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u300cDify\u300d\u306b\u60c5\u5831\u6f0f\u6d29\u3084\u8a2d\u5b9a\u306e\u6539\u3056\u3093\u306a\u3069\u8907\u6570\u306e\u8106\u5f31\u6027\u304c\u660e\u3089\u304b\u3068\u306a\u3063\u305f\u3002\n\n...\n\n\u300cCVE-2026-41948\u300d\u306f\u3001Plugin\u30c7\u30fc\u30e2\u30f3\u306e\u300cREST API\u300d\u306b\u304a\u3044\u3066\u8ee2\u9001\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u64cd\u4f5c\u3067\u304d\u308b\u30d1\u30b9\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u306e\u8106\u5f31\u6027\u3002\u30c6\u30ca\u30f3\u30c8\u306eUUID\u3092\u628a\u63e1\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u3001\u30bf\u30b9\u30af\u8b58\u5225\u5b50\u3084\u30d5\u30a1\u30a4\u30eb\u540d\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u7d30\u5de5\u3057\u3066\u5185\u90e8\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3078\u30a2\u30af\u30bb\u30b9\u3055\u308c\u308b\u304a\u305d\u308c\u304c\u3042\u308b\u3002\n\n\u300cCVE-2026-41947\u300d\u306f\u3001\u7de8\u96c6\u8005\u6a29\u9650\u306b\u304a\u3051\u308b\u8a8d\u53ef\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027\u3002\u30c8\u30ec\u30fc\u30b9\u8a2d\u5b9a\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u304a\u3051\u308b\u30c6\u30ca\u30f3\u30c8\u6240...", "creation_timestamp": "2026-06-09T19:53:31.495496Z"} {"uuid": "55597ebc-db70-4ebf-97d9-2d90e37ae9a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mnuxvice4k2o", "content": "LLM\u30a2\u30d7\u30ea\u958b\u767a\u57fa\u76e4\u300cDify\u300d\u306b\u8907\u6570\u306e\u30af\u30ea\u30c6\u30a3\u30ab\u30eb\u8106\u5f31\u6027\n\n\u5927\u898f\u6a21\u8a00\u8a9e\u30e2\u30c7\u30eb\uff08LLM\uff09\u30a2\u30d7\u30ea\u958b\u767a\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u300cDify\u300d\u306b\u60c5\u5831\u6f0f\u6d29\u3084\u8a2d\u5b9a\u306e\u6539\u3056\u3093\u306a\u3069\u8907\u6570\u306e\u8106\u5f31\u6027\u304c\u660e\u3089\u304b\u3068\u306a\u3063\u305f\u3002\n\n...\n\n\u300cCVE-2026-41948\u300d\u306f\u3001Plugin\u30c7\u30fc\u30e2\u30f3\u306e\u300cREST API\u300d\u306b\u304a\u3044\u3066\u8ee2\u9001\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u64cd\u4f5c\u3067\u304d\u308b\u30d1\u30b9\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u306e\u8106\u5f31\u6027\u3002\u30c6\u30ca\u30f3\u30c8\u306eUUID\u3092\u628a\u63e1\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u3001\u30bf\u30b9\u30af\u8b58\u5225\u5b50\u3084\u30d5\u30a1\u30a4\u30eb\u540d\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u7d30\u5de5\u3057\u3066\u5185\u90e8\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3078\u30a2\u30af\u30bb\u30b9\u3055\u308c\u308b\u304a\u305d\u308c\u304c\u3042\u308b\u3002\n\n\u300cCVE-2026-41947\u300d\u306f\u3001\u7de8\u96c6\u8005\u6a29\u9650\u306b\u304a\u3051\u308b\u8a8d\u53ef\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027\u3002\u30c8\u30ec\u30fc\u30b9\u8a2d\u5b9a\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u304a\u3051\u308b\u30c6\u30ca\u30f3\u30c8\u6240...", "creation_timestamp": "2026-06-09T19:53:31.495496Z"} https://vulnerability.circl.lu/sighting/55597ebc-db70-4ebf-97d9-2d90e37ae9a9/export Tue, 09 Jun 2026 19:53:31 +0000 https://vulnerability.circl.lu/sighting/e39c6255-f6bd-408e-8986-ad16d792ccaa/export {"uuid": "e39c6255-f6bd-408e-8986-ad16d792ccaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmqfv2my2n", "content": "\ud83d\udea8 ALERT: CVE-2026-41947\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nDify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant owners", "creation_timestamp": "2026-06-22T00:25:09.045512Z"} {"uuid": "e39c6255-f6bd-408e-8986-ad16d792ccaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmqfv2my2n", "content": "\ud83d\udea8 ALERT: CVE-2026-41947\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nDify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant owners", "creation_timestamp": "2026-06-22T00:25:09.045512Z"} https://vulnerability.circl.lu/sighting/e39c6255-f6bd-408e-8986-ad16d792ccaa/export Mon, 22 Jun 2026 00:25:09 +0000