{"id":278723,"date":"2026-06-22T12:13:00","date_gmt":"2026-06-22T16:13:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/22\/researchers-detail-difytap-flaws-in-dify-that-could-expose-ai-chats-across-tenants\/"},"modified":"2026-06-22T13:50:23","modified_gmt":"2026-06-22T17:50:23","slug":"researchers-detail-difytap-flaws-in-dify-that-could-expose-ai-chats-across-tenants","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/22\/researchers-detail-difytap-flaws-in-dify-that-could-expose-ai-chats-across-tenants\/","title":{"rendered":"Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants"},"content":{"rendered":"

Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants<\/a><\/p>\n

https:\/\/thehackernews.com\/2026\/06\/researchers-detail-difytap-flaws-in.html<\/a><\/p>\n

Publish Date: 2026-06-22 12:13:00<\/a><\/p>\n

Source Domain: thehackernews.com<\/a><\/p>\n

\ue804Ravie Lakshmanan<\/span>\ue802Jun 22, 2026<\/span><\/span>AI Security \/ Vulnerability<\/span><\/p>\n

Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversions from other customers’ applications without requiring authentication.<\/p>\n

The vulnerabilities have been collectively codenamed DifyTap by Zafran Security.<\/p>\n

“Two were critical severity, two required no authentication, and three carried cross-tenant impact on Dify’s multi-tenant cloud service, allowing one customer’s data to be exposed to another,” researchers Ido Shani and Gal Zaban said.<\/p>\n

The security defects could have allowed attackers to read private AI chats from other customers’ applications, creating a covert exfiltration channel for every message and model response.<\/p>\n

They also made it possible to traverse Dify’s internal Plugin Daemon API from unauthenticated requests and trigger cross-tenant internal API calls, as well as preview documents uploaded by other tenants and leak files across users within a tenant by attaching another user’s file unique identifier.<\/p>\n

Separately, Zafran said it also discovered that Dify’s file parsing stack relied on a version of PDFium, an open-source C++ library for PDF rendering, that was vulnerable to CVE-2024-5846 (CVSS score: 8.8), a two-year-old use-after-free bug that could allow a remote attacker to potentially exploit heap corruption via a crafted PDF file.<\/p>\n

\"\"<\/p>\n

The remaining vulnerabilities are listed below –<\/p>\n