Four high-severity vulnerabilities disclosed this week span Samsung Galaxy devices, the FFmpeg media framework, and the Dify AI platform — while OpenAI and Dragos separately announced tools aimed at closing the gap between vulnerability discovery and remediation. The disclosures include CVSS scores ranging from 6.5 to 9.4, with patches available for most affected products as of late June 2026.
Eight-Year-Old Samsung KNOX Race Condition Patched
A use-after-free flaw in Samsung’s KNOX kernel, present for roughly eight years across devices from the Galaxy S9 through the S25, was patched after researchers at LucidBit Labs disclosed it to Samsung. Tracked as CVE-2026-20971 with a CVSS score of 7.8, the vulnerability stems from a race condition between PROCA, Samsung’s proprietary process authenticator, and FIVE, its kernel-side integrity subsystem.
When a process forks a child and the child calls `execve()`, FIVE is supposed to drop the old integrity object instantaneously. Android’s preemptive kernel, however, creates a brief window where a thread can be suspended between reading a pointer and using it. According to LucidBit Labs’ disclosure reported by SecurityWeek, “the target task executes execve(), specifically task_integrity_put(old_tint), freeing the original struct. proc_integrity_value_read() resumes and calls task_integrity_user_read() with a pointer to freed memory.”
Samsung’s built-in kernel control flow integrity (KCFI) blocked the most dangerous exploitation paths — arbitrary function calls — but did not eliminate the underlying UAF. LucidBit Labs found a bypass by directing the process to load a non-ELF file, removing a reference-count blocker that would otherwise prevent reallocation of the freed memory. The researchers characterized exploitation as possible but not trivial.
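The ownership pattern behind this class of bug, as an added illustration that is not Samsung's or LucidBit Labs' code: a reference-counted per-task object whose pointer slot is guarded by a lock. The struct and function names (`task_integrity`, `task_integrity_get`, `task_integrity_put`, `task_integrity_replace`) are assumptions modelled on the names in the quoted disclosure, and the spinlock stands in for whatever synchronisation the real kernel uses. The reader takes its own reference before dropping the lock, so the owner's release after exec cannot free the object while a read is in flight; the replay function walks the problematic interleaving in a single thread so the result is deterministic.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative model only (not Samsung's FIVE code): a per-task integrity
 * object owned through a reference count, and a pointer slot on the task
 * guarded by a small spinlock. */
struct task_integrity {
    atomic_int refcount;
    int value;               /* stands in for the integrity label a reader wants */
};

struct task {
    atomic_flag lock;        /* pins the pointer below while it is read or swapped */
    struct task_integrity *integrity;
};

static void task_lock(struct task *t)   { while (atomic_flag_test_and_set(&t->lock)) { } }
static void task_unlock(struct task *t) { atomic_flag_clear(&t->lock); }

static struct task_integrity *task_integrity_alloc(int value) {
    struct task_integrity *ti = malloc(sizeof *ti);
    if (!ti) return NULL;
    atomic_init(&ti->refcount, 1);   /* the owner's reference */
    ti->value = value;
    return ti;
}

/* Drop one reference; the object is freed only when the last holder lets go. */
static void task_integrity_put(struct task_integrity *ti) {
    if (ti && atomic_fetch_sub(&ti->refcount, 1) == 1)
        free(ti);
}

/* Safe acquisition: take a reference while the lock keeps the owner from
 * swapping the pointer out from under us. Reading the raw pointer without
 * this step and dereferencing it later is the pattern the disclosure describes. */
static struct task_integrity *task_integrity_get(struct task *t) {
    task_lock(t);
    struct task_integrity *ti = t->integrity;
    if (ti) atomic_fetch_add(&ti->refcount, 1);
    task_unlock(t);
    return ti;
}

/* Owner side, modelling exec installing a fresh object: swap under the lock,
 * then release the owner's reference. A reader that already holds its own
 * reference keeps the old object alive until it is done. */
static void task_integrity_replace(struct task *t, struct task_integrity *fresh) {
    task_lock(t);
    struct task_integrity *old = t->integrity;
    t->integrity = fresh;
    task_unlock(t);
    task_integrity_put(old);
}

/* Reader entry point: acquire, use, release. Returns -1 if no object is installed. */
static int task_integrity_value_read(struct task *t) {
    struct task_integrity *ti = task_integrity_get(t);
    if (!ti) return -1;
    int v = ti->value;
    task_integrity_put(ti);
    return v;
}

/* Replays the troublesome interleaving step by step in one thread, so the
 * outcome is deterministic: reader acquires, owner replaces, reader uses.
 * Returns true when the old object survived the replace with exactly the
 * reader's reference and both reads saw the expected values. */
static bool replay_interleaving(void) {
    struct task t = { .lock = ATOMIC_FLAG_INIT, .integrity = task_integrity_alloc(7) };
    struct task_integrity *held = task_integrity_get(&t);   /* reader, step 1 */
    task_integrity_replace(&t, task_integrity_alloc(9));    /* owner execs meanwhile */
    bool alive = atomic_load(&held->refcount) == 1;         /* only the reader's ref left */
    bool saw_old = held->value == 7;                        /* reader, step 2: still valid */
    task_integrity_put(held);                               /* last ref: freed here */
    bool saw_new = task_integrity_value_read(&t) == 9;
    task_integrity_replace(&t, NULL);                       /* teardown */
    return alive && saw_old && saw_new;
}

int main(void) {
    printf("safe interleaving: %s\n", replay_interleaving() ? "ok" : "broken");
    return 0;
}
```

The point of the model is where the reference is taken: inside the locked region, before the pointer leaves it. A reader that copies the pointer out and increments later has already lost the race, and a reference-count bump on memory the owner has freed is itself a use-after-free.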
FFmpeg PixelSmash Flaw Enables RCE via Crafted Media Files
CVE-2026-8461, dubbed PixelSmash, is a heap out-of-bounds write in FFmpeg’s `libavcodec` MagicYUV decoder carrying a CVSS score of 8.8. Security firm JFrog disclosed the flaw, warning it affects desktop video players, Linux file managers, self-hosted media servers, NAS appliances, and cloud transcoding pipelines — effectively any software that links against FFmpeg for video decoding.
According to JFrog’s analysis covered by SecurityWeek, the bug is “caused by an inconsistency between how the frame allocator and the decoder compute chroma plane heights” during slice handling. An attacker can place a NUL-terminated shell command at a specific out-of-bounds offset to obtain shell execution before the FFmpeg process crashes on subsequent heap corruption.
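The allocator/decoder disagreement JFrog describes is a geometry bug: two code paths compute the height of a subsampled plane with different rounding, and the one that writes trusts its own number. Below is an added illustration of the defensive shape, not FFmpeg's code: the `plane`, `chroma_dim`, `plane_write_slice` and `decode_chroma_slices` names are assumptions, the frame dimensions are constructed, and line padding is omitted to keep the arithmetic visible. One helper is the single source of truth for the chroma height, the decoder refuses a frame whose recorded height disagrees with it, and every slice write is bounds-checked against the allocated plane as a second line of defence.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative model only (not FFmpeg's code): one image plane as the
 * allocator recorded it, with no line padding to keep the arithmetic visible. */
struct plane {
    uint8_t *data;
    int width, height, linesize;
};

/* Single source of truth for a subsampled (chroma) dimension: ceil(dim / 2^shift).
 * Both the allocator and the decoder below go through this helper, so they
 * cannot compute different heights for the same plane. */
static int chroma_dim(int luma_dim, int log2_shift) {
    return (luma_dim + (1 << log2_shift) - 1) >> log2_shift;
}

static int plane_alloc(struct plane *p, int width, int height) {
    if (width <= 0 || height <= 0) return -EINVAL;
    p->width = width;
    p->height = height;
    p->linesize = width;
    p->data = calloc((size_t)height, (size_t)p->linesize);
    return p->data ? 0 : -ENOMEM;
}

static void plane_free(struct plane *p) { free(p->data); p->data = NULL; }

/* Bounds-checked slice write: every row about to be touched must lie inside
 * the plane the allocator actually handed out, whatever the decoder's own
 * slice arithmetic claims. The comparison is written to avoid overflow in
 * y_start + rows. */
static int plane_write_slice(struct plane *p, int y_start, int rows, uint8_t fill) {
    if (y_start < 0 || rows < 0 || y_start > p->height - rows)
        return -EINVAL;                              /* refuse rather than write past the end */
    for (int y = y_start; y < y_start + rows; y++)
        memset(p->data + (size_t)y * p->linesize, fill, (size_t)p->width);
    return 0;
}

/* Decoder-side slice loop. It derives the chroma row count with the same
 * helper the allocator used and aborts early if the frame it was given
 * disagrees, instead of trusting its own number and writing blindly. */
static int decode_chroma_slices(struct plane *chroma, int luma_height, int log2_shift, int slices) {
    if (slices <= 0) return -EINVAL;
    int total = chroma_dim(luma_height, log2_shift);
    if (total != chroma->height) return -EINVAL;      /* allocator and decoder disagree */
    int per_slice = (total + slices - 1) / slices;
    for (int s = 0; s < slices; s++) {
        int y0 = s * per_slice;
        if (y0 >= total) break;
        int rows = total - y0 < per_slice ? total - y0 : per_slice;
        int rc = plane_write_slice(chroma, y0, rows, (uint8_t)(0x10 + s));
        if (rc) return rc;
    }
    return 0;
}

int main(void) {
    /* Constructed frame: odd luma height 1081 with 2:1 vertical chroma subsampling.
     * ceil gives 541 chroma rows; a floor-based allocator would hand out 540. */
    struct plane chroma;
    if (plane_alloc(&chroma, 960, chroma_dim(1081, 1)) == 0) {
        printf("consistent geometry: rc=%d\n", decode_chroma_slices(&chroma, 1081, 1, 4));
        plane_free(&chroma);
    }
    if (plane_alloc(&chroma, 960, 1081 >> 1) == 0) {
        printf("mismatched geometry: rc=%d (rejected)\n", decode_chroma_slices(&chroma, 1081, 1, 4));
        plane_free(&chroma);
    }
    return 0;
}
```

The odd-height case is the one to test in any decoder that handles subsampled planes: with an even height the two rounding conventions agree and the bug stays invisible, which is how such inconsistencies survive fuzzing on common resolutions.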
Exploitation vectors are broad:
- Desktop: opening a malicious file in a video player, or browsing a folder containing it if the file manager uses FFmpeg for thumbnail generation
- Server: uploading a crafted media file to a chat platform, media server, or cloud transcoding service that auto-processes uploads
- Appliances: NAS devices and smart TVs that generate video thumbnails
Users and vendors should update to the patched FFmpeg release. Given FFmpeg’s role as a foundational dependency across thousands of applications, downstream projects will need to ship their own updates before end users are fully protected.
DifyTap: Four Bugs Let Attackers Exfiltrate AI Chat Histories
Researchers at Zafran disclosed four vulnerabilities in Dify, an open-source AI orchestration platform with more than 10 million pulls of its API image on Docker and tens of thousands of internet-facing instances, according to Dark Reading’s coverage. The vulnerability set, collectively called DifyTap, includes:
- CVE-2026-41947 (CVSS 9.1) — tracing configuration flaw enabling leak of private AI chat histories
- CVE-2026-41948 (CVSS 9.4) — Plugin Daemon path traversal allowing unauthenticated requests to traverse Dify’s internal API
- CVE-2026-41949 (CVSS 6.5) — unauthorized document preview bug permitting cross-tenant document access
- CVE-2026-41950 (CVSS 6.5) — cross-file user access flaw leaking files across users within a tenant
CVE-2026-41947, CVE-2026-41949, and CVE-2026-41950 are patched in Dify version 1.14.2. A fix for CVE-2026-41948 has been merged on GitHub; Zafran recommends building and deploying the latest GitHub version to address all four simultaneously. Organizations running Dify in multi-tenant or internet-exposed configurations should treat CVE-2026-41948’s CVSS 9.4 rating as the priority given its unauthenticated attack surface.
OpenAI and Dragos Respond to the Remediation Bottleneck
Two separate product announcements this week addressed the operational problem that follows disclosure: actually getting patches deployed at scale.
OpenAI expanded its Daybreak cybersecurity initiative on Monday, arguing that AI has accelerated vulnerability discovery to the point where defenders are now overwhelmed by findings volume. Its updated Codex Security plugin can scan codebases, trace attack paths, generate patches, and export results via SARIF files and CodeQL queries. Since a March research preview, the tool has processed more than 30 million commits across over 30,000 repositories, with human reviewers confirming more than 70,000 fixes and an additional 500,000 findings resolved automatically.
OpenAI also launched GPT-5.5-Cyber, scoring 85.6% on the CyberGym benchmark — which tests an agent’s ability to reproduce known vulnerabilities — versus 81.8% for standard GPT-5.5. Access remains limited to verified defenders.
Dragos on Tuesday unveiled EmberAI, an AI module for operational technology (OT) security built on the company’s Intelligence Fabric dataset. EmberAI allows analysts to query threat and vulnerability data in plain language within the customer’s own environment, with Dragos stating that customer data never leaves their deployment. The launch follows Accenture’s announcement of a majority stake in Dragos as part of a broader OT security push.
What This Means
The CVE-2026-20971 Samsung disclosure is a reminder that proprietary kernel extensions in consumer devices can carry latent race conditions for years before being identified — and that hardware generations ship faster than security audits. The eight-year window between introduction and discovery of the KNOX flaw spanned six Galaxy S generations.
FFmpeg’s PixelSmash is the more operationally urgent issue for most organizations. Because FFmpeg is a dependency rather than an end-user product, the blast radius depends entirely on how quickly downstream maintainers ship updated packages. Cloud transcoding services and NAS vendors in particular should treat this as a priority patch cycle given the server-side, zero-click exploitation path via file upload.
DifyTap’s CVSS 9.4 path traversal flaw is notable given Dify’s rapid adoption as AI infrastructure. As organizations build internal AI tooling on orchestration platforms like Dify, those platforms inherit the same multi-tenant security requirements as any SaaS product — requirements that open-source projects don’t always prioritize in early growth phases.
The OpenAI and Dragos announcements reflect a structural shift: the security industry is beginning to treat patch deployment velocity, not just discovery, as the core metric. Whether AI-assisted remediation tools can meaningfully compress the window between CVE publication and production patch deployment remains to be demonstrated at scale.
FAQ
What devices are affected by CVE-2026-20971?
The Samsung KNOX vulnerability affects Galaxy devices from the S9 through the S25, according to LucidBit Labs’ disclosure. Samsung has issued a patch; users should apply the latest security update for their device through Samsung’s standard update channel.
How is the FFmpeg PixelSmash vulnerability exploited?
An attacker delivers a crafted media file to any application using FFmpeg’s `libavcodec` for decoding. On desktop systems, simply opening the file — or browsing a folder containing it if the file manager generates thumbnails via FFmpeg — triggers the flaw. On servers, uploading the file to a platform that auto-processes media is sufficient for remote code execution.
Is Dify version 1.14.2 fully patched against DifyTap?
Three of the four DifyTap CVEs (CVE-2026-41947, CVE-2026-41949, CVE-2026-41950) are fixed in Dify 1.14.2. The fix for CVE-2026-41948, the highest-severity flaw at CVSS 9.4, has been merged on GitHub but is not yet in a numbered release — Zafran recommends building from the latest GitHub source to address all four vulnerabilities simultaneously.
Sources
- Eight-Year-Old Samsung KNOX Flaw Exposed Millions of Galaxy Devices to Kernel Attacks – SecurityWeek
- FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances – SecurityWeek
- OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery – SecurityWeek
- DifyTap Bugs Let Attackers ‘Wiretap’ AI Chat Histories – Dark Reading
- Dragos Unveils AI for OT Security – SecurityWeek