CVE-2026-41949
Published 2026-05-18
Priority P3 · 50 · high · 7.5 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.43% (34.8th percentile)
Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
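As a defender's illustration of the missing check the description refers to, the following is added example code, not Dify's own implementation: the `UploadFile`/`User` models, the in-memory `FILES` store and the tenant ids are constructed assumptions. It places the unscoped lookup-by-UUID pattern beside a lookup that is scoped to the caller's current tenant and answers "not found" for both missing and foreign files.

```python
"""Tenant-scoped lookup for a file-preview endpoint (hypothetical models, not Dify code)."""
from dataclasses import dataclass
from uuid import UUID

PREVIEW_LIMIT = 3000  # characters returned by a preview, the figure given in the advisory


@dataclass(frozen=True)
class UploadFile:
    id: str
    tenant_id: str
    content: str


@dataclass(frozen=True)
class User:
    id: str
    current_tenant_id: str


class NotFound(Exception):
    """Used for both 'no such file' and 'not your tenant' so the response leaks nothing."""


# Constructed sample store: two tenants, one uploaded document each.
FILE_A = "11111111-1111-4111-8111-111111111111"
FILE_B = "22222222-2222-4222-8222-222222222222"
FILES = {
    FILE_A: UploadFile(FILE_A, "tenant-a", "Tenant A quarterly forecast ..."),
    FILE_B: UploadFile(FILE_B, "tenant-b", "Tenant B HR salary table " + "x" * 4000),
}


def preview_unscoped(file_id: str) -> str:
    """Vulnerable pattern: the only 'authorization' is knowing the file's UUID."""
    f = FILES.get(file_id)
    if f is None:
        raise NotFound()
    return f.content[:PREVIEW_LIMIT]


def preview_scoped(user: User, file_id: str) -> str:
    """Hardened pattern: validate the id, then require the file to belong to the caller's tenant."""
    try:
        UUID(file_id)
    except ValueError:
        raise NotFound() from None
    f = FILES.get(file_id)
    # One error path for missing and foreign files: a cross-tenant probe cannot confirm existence.
    if f is None or f.tenant_id != user.current_tenant_id:
        raise NotFound()
    return f.content[:PREVIEW_LIMIT]
```

In a real application the tenant filter belongs in the database query itself (`WHERE id = ? AND tenant_id = ?`), so that no code path can fetch the row before the check runs.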
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dify | dify | <= 1.14.1 | — |
| langgenius | dify | < 1.14.2 | 1.14.2 |
CVSS provenance
NVD, CVSS v3.1: 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD, CVSS v4.0: 8.2 HIGH, CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
GHSA
GHSA-jv3f-qwf9-wvq9: Dify version 1 (ghsa_unreviewed · 2026-05-18)
CVE-2026-41949 [HIGH] · CWE-639
Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
VulDB
langgenius dify up to 1.14.1 File Preview Endpoint preview authorization (EUVD-2026-30774)
vuldb · 2026-05-18 · CVSS 8.2 · CVE-2026-41949 [HIGH]
A vulnerability classified as problematic was found in langgenius dify up to 1.14.1. This affects an unknown part of the file /console/api/files/{file_id}/preview of the component File Preview Endpoint. The manipulation results in authorization bypass.
This vulnerability is identified as CVE-2026-41949. The attack can be executed remotely. No exploit is available.
It is advisable to implement a patch to correct this issue.
No detection rules found.
No public exploits indexed.
References
https://github.com/langgenius/dify/commit/432a6412a3fdb30ce48003d699b90cc7d890df20
https://github.com/langgenius/dify/pull/35797
https://github.com/langgenius/dify/releases/tag/1.14.2
https://huntr.com/bounties/d50a0240-7951-4939-b989-9bded66c7682
https://www.vulncheck.com/advisories/dify-authorization-bypass-via-file-preview-endpoint
https://www.zafran.io/resources/difytap-zafran-discovers-how-attackers-can-silently-wiretap-ai-data-across-tenants-on-a-platform-powering-1m-apps