CVE-2026-41948 | langgenius dify up to 1.14.1 Plugin Daemon REST API path traversal (EUVD-2026-30771)

A vulnerability, which was classified as problematic, was found in langgenius dify up to 1.14.1. This issue affects some unknown processing of the component Plugin Daemon REST API. Such manipulation leads to relative path traversal.

This vulnerability is listed as CVE-2026-41948. The attack may be performed from remote. There is no available exploit.

It is best practice to apply a patch to resolve this issue.VulDB Recent EntriesRead More