DifyTap vulnerabilities expose AI chats across tenants

The Hacker News

Four vulnerabilities (two critical) in Dify's multi-tenant cloud service could allow unauthenticated attackers to read private AI conversations from other customers. The flaws, named DifyTap by Zafran Security, also enable cross-tenant API calls and file leakage.

dify

The Hacker News

Jun 22, 4:13 PM