Vulnerability Description
Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit insufficient permission verification in the chat-messages endpoints to access files without ownership validation, bypassing workspace separation and signed URL protections to retrieve sensitive file contents through workflow processing.
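The flaw described above is a missing ownership check on client-supplied file identifiers. The following added example (written here for illustration; it is not Dify's code and does not reflect the project's actual fix) puts the vulnerable lookup pattern, which fetches a file by UUID alone, beside a hardened resolver that scopes every referenced file to the caller's tenant and owner. The `UploadedFile` type, the in-memory `FILES` store and the sample UUIDs are all constructed for this example.

```python
from dataclasses import dataclass
from uuid import UUID


@dataclass(frozen=True)
class UploadedFile:
    file_id: str
    tenant_id: str
    owner_id: str
    content: bytes


class AuthorizationError(Exception):
    """Raised when a referenced file is not visible to the caller."""


# Constructed sample store (hypothetical), keyed by file UUID. Two files belong
# to different users in tenant-a; a third belongs to a user in tenant-b.
FILES = {
    "4f1d2a6e-6f0b-4b3a-9c1e-8a2d5e7f9b01": UploadedFile(
        "4f1d2a6e-6f0b-4b3a-9c1e-8a2d5e7f9b01", "tenant-a", "alice", b"alice's notes"),
    "c0ffee00-1111-4222-8333-444455556666": UploadedFile(
        "c0ffee00-1111-4222-8333-444455556666", "tenant-a", "bob", b"bob's contract"),
    "deadbeef-2222-4333-8444-555566667777": UploadedFile(
        "deadbeef-2222-4333-8444-555566667777", "tenant-b", "carol", b"carol's report"),
}


def resolve_files_insecure(file_ids, tenant_id, user_id):
    """Vulnerable pattern: the file is fetched by UUID alone, so any valid UUID
    placed in the request's files array yields its contents regardless of who
    uploaded it. tenant_id and user_id are accepted but never consulted."""
    return [FILES[fid] for fid in file_ids if fid in FILES]


def resolve_files(file_ids, tenant_id, user_id):
    """Hardened pattern: every referenced file must (1) be a well-formed UUID,
    (2) belong to the caller's tenant and (3) be owned by the caller. Any miss
    aborts the whole request with the same error, so the endpoint does not
    reveal whether a guessed UUID exists in another tenant or user's space."""
    resolved = []
    for fid in file_ids:
        try:
            UUID(fid)  # reject malformed identifiers before touching the store
        except (ValueError, TypeError, AttributeError):
            raise AuthorizationError("file not found")
        f = FILES.get(fid)
        if f is None or f.tenant_id != tenant_id or f.owner_id != user_id:
            raise AuthorizationError("file not found")
        resolved.append(f)
    return resolved
```

The resolver deliberately performs the tenant and owner comparison on the record returned by the store rather than filtering the query by UUID first and trusting the result; a single generic "file not found" error for malformed, missing and foreign identifiers keeps the endpoint from acting as an existence oracle.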
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Langgenius | Dify | < 1.14.0 |
Related Weaknesses (CWE)
References
- https://github.com/langgenius/dify/releases/tag/1.14.0 (Release Notes)
- https://huntr.com/bounties/181136ec-d957-4b75-8ea7-6fa7b8abd01d (Exploit, Third Party Advisory)
- https://www.vulncheck.com/advisories/dify-authorization-bypass-via-file-uuid (Third Party Advisory)
FAQ
What is CVE-2026-41950?
CVE-2026-41950 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying...
How severe is CVE-2026-41950?
CVE-2026-41950 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-41950?
Check the references section above for vendor advisories and patch information. Affected products include: Langgenius Dify.