{"vulnerability": "CVE-2026-41948", "sightings": [{"uuid": "d14dbcae-dd61-48a1-9816-3dc6116bc0f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41948", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116599359441666989", "content": "\ud83d\udea8 CRITICAL: CVE-2026-41948 in langgenius Dify \u22641.14.1 enables authenticated users to bypass tenant path restrictions and access internal REST API endpoints. No patch yet \u2014 restrict API access & monitor logs. Details: https://radar.offseq.com/threat/cve-2026-41948-relative-path-traversal-in-langgeni-65e19181 #OffSeq #vulnerability #infosec", "creation_timestamp": "2026-05-19T04:30:31.475799Z"}, {"uuid": "a90f424b-35d4-4902-beab-2b409afac895", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41948", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116601058386037204", "content": "Some increased actor activities are shown targeting langgenius dify (CVE-2026-41948) https://vuldb.com/vuln/364479/cti", "creation_timestamp": "2026-05-19T11:42:34.853421Z"}]}