> TritonInfoSec News
Home / Jun 23, 2026 / Story
0
#9 The Hacker News general June 22, 2026 at 16:13 UTC

Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants

By [email protected] (The Hacker News)

AI Summary

Zafran Security disclosed four vulnerabilities collectively named 'DifyTap' in Dify, an open-source AI agentic workflow platform with over 146,000 GitHub stars, that allow unauthenticated attackers to read AI conversation data across tenant boundaries. The cross-tenant data leakage flaws expose sensitive AI interaction logs from other customers' applications, making this a critical concern for multi-tenant Dify deployments used in enterprise AI workflows. Organizations running Dify should apply available patches and audit their multi-tenant configurations immediately.

Read full article → https://thehackernews.com/2026/06/researchers-deta…

Relevance score: 75.0/100

# More from June 23

  1. 1
    FortiBleed campaign used custom FortiGate sniffer to steal credentials BleepingComputer
  2. 2
    New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones SecurityWeek
  3. 3
    Fortinet Responds to FortiBleed Campaign SecurityWeek
  4. 4
    Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices The Hacker News
  5. 5
    ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack The Hacker News
  6. 6
    29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests The Hacker News
  7. 7
    AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network The Hacker News
  8. 8
    North Korean Hackers Blamed for Mastra NPM Supply Chain Attack SecurityWeek
  9. 10
    More Cybersecurity Firms Disclose Impact From Klue Hack SecurityWeek