https://vulnerability.circl.lu/sightings/feed 2026-06-07T20:45:19.588415+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/31ab4f94-b943-4f20-b53a-d910931d9c8b/export 2026-06-07T20:45:20.010218+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "31ab4f94-b943-4f20-b53a-d910931d9c8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mm5dtbyy3q2o", "content": "CVE-2026-41947 - Dify v1.14.1 Authorization Bypass via Trace Configuration Endpoints\nCVE ID : CVE-2026-41947\n \n Published : May 18, 2026, 3:16 p.m. | 55\u00a0minutes ago\n \n Description : Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authen...", "creation_timestamp": "2026-05-18T16:56:44.810872Z"} 2026-05-18T16:56:44.810872+00:00 https://vulnerability.circl.lu/sighting/a12c28ee-58bc-4cd6-9c6b-4d7c96db3eeb/export 2026-06-07T20:45:20.008683+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a12c28ee-58bc-4cd6-9c6b-4d7c96db3eeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41947", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116599714465595162", "content": "\ud83d\udea8 CRITICAL: CVE-2026-41947 in langgenius Dify \u22641.14.1 lets editor users bypass tenant checks, redirecting app messages to attacker LLMs. Free self-registration increases risk. Restrict editor roles & monitor configs. https://radar.offseq.com/threat/cve-2026-41947-authorization-bypass-through-user-c-da35e5dc #OffSeq #CVE202641947 #AppSec", "creation_timestamp": "2026-05-19T06:00:48.759805Z"} 2026-05-19T06:00:48.759805+00:00