Zafran researchers disclosed four vulnerabilities in the Dify AI platform, collectively named DifyTap. One of them, CVE-2026-41947 (CVSS 8.6), enables an attacker to establish a persistent exfiltration channel through Dify’s tracing subsystem and silently intercept AI workflow data across tenant boundaries. Organizations running Dify as a shared or multi-tenant AI development platform face exposure of proprietary prompts, workflow logic, and AI-processed data to unauthorized parties. Patch status and affected version range are unconfirmed in the available source material.