{"uuid": "d14dbcae-dd61-48a1-9816-3dc6116bc0f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41948", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116599359441666989", "content": "\ud83d\udea8 CRITICAL: CVE-2026-41948 in langgenius Dify \u22641.14.1 enables authenticated users to bypass tenant path restrictions and access internal REST API endpoints. No patch yet \u2014 restrict API access & monitor logs. Details: https://radar.offseq.com/threat/cve-2026-41948-relative-path-traversal-in-langgeni-65e19181 #OffSeq #vulnerability #infosec", "creation_timestamp": "2026-05-19T04:30:31.475799Z"}