- Description
- Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
- Source
- disclosure@vulncheck.com
- NVD status
- Modified
- Products
- dify
CVSS 4.0
- Type
- Secondary
- Base score
- 8.2
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- disclosure@vulncheck.com
- CWE-639
- Hype score
- Not currently trending
Difyでテナント跨ぎでデータが漏洩する脆弱性群DifyTapについて。CVE-2024-5846、CVE-2026-41947、CVE-2026-41948、CVE-2026-41949、CVE-2026-41950。CVE-2026-41948は未修正。それ以外はバージョン1.14.2で修正。 https://t.co/r21ymejfZL
@__kokumoto
23 Jun 2026
797 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows attackers exploited authorization bypasses in Dify's multi-tenant AI platform to access private conversations across all tenants using only file UUIDs. The flaws (CVE-2026-41949, CVE-2026-21866) demonstrate how weak tenant isolation can turn single compromises
@aviatrixtrc
22 Jun 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A125CFA5-D056-4A11-8EE1-0B5FC5628CF3",
"versionEndIncluding": "1.14.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]