Researchers at Zafran disclosed four vulnerabilities in Dify, an open-source AI application development platform used by over one million applications. The flaws enable cross-tenant data exfiltration in multi-tenant deployments. The lead flaw, CVE-2026-41947 (CVSS 8.1), is exploited through a persistent covert channel in Dify’s tracing subsystem to siphon AI interaction data across tenant boundaries. Organizations running Dify in shared or SaaS multi-tenant configurations face a direct risk of sensitive AI workflow data being exposed to unauthorized parties.