CVE-2026-41950
Authorization Bypass in Dify Exposes Tenant Files
Publication date: 2026-05-05
Last updated on: 2026-05-06
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dify | dify | before 1.14.0 (1.14.0 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Dify versions before 1.14.0 and is an authorization bypass issue. It allows authenticated users to read the full contents of files uploaded by other users within the same tenant. This is done by supplying an arbitrary file UUID in the files array of a chat-messages request.
The root cause is insufficient permission verification in the chat-messages endpoints, which means the system does not properly check if the user owns or has permission to access the requested files. As a result, attackers can bypass workspace separation and signed URL protections to retrieve sensitive file contents through workflow processing.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to sensitive files uploaded by other users within the same tenant. An attacker who is authenticated can read files they should not have access to, potentially exposing confidential or private information.
Because the vulnerability bypasses workspace separation and signed URL protections, it undermines the intended security boundaries, increasing the risk of data leakage and privacy violations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows authenticated users to bypass authorization controls and access sensitive files uploaded by other users within the same tenant. Such unauthorized access to sensitive data can lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls on access to personal and sensitive information.
By enabling attackers to retrieve sensitive file contents without proper ownership validation, the vulnerability undermines data confidentiality and privacy requirements essential for compliance with these standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring chat-messages requests that include the files array with arbitrary file UUIDs. Anomalous requests where authenticated users access files not owned by them within the same tenant may indicate exploitation attempts.
Specifically, detection involves inspecting API calls to the chat-messages endpoints for unauthorized file UUIDs being requested.
While no explicit commands are provided in the resources, network administrators can use tools like tcpdump or Wireshark to capture HTTP requests to the chat-messages endpoint and grep or filter for file UUIDs in the files array. Note that this only works where the traffic is visible in plaintext (for example between a TLS-terminating reverse proxy and the application); otherwise the proxy or application access logs are the place to look.
- Use tcpdump to capture traffic on the relevant port and write the ASCII payloads to a file: tcpdump -i <interface> -A 'tcp port <port_number>' > captured_traffic.log
- Filter the captured traffic for chat-messages requests that carry a files array: grep -A 20 'chat-messages' captured_traffic.log | grep '"files"'
- Review logs or API request records for file UUIDs accessed by users who should not have permission, i.e. UUIDs whose owner or workspace does not match the requesting user.
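The two halves of this record, the missing ownership check described in the explanation above and the log review suggested in the detection answer, as one added illustration that is not Dify's own code. The in-memory FILES store, its (tenant, owner) layout, and the one-JSON-object-per-line request log are assumptions made for the example; it shows the existence-only lookup beside a hardened one and replays logged requests through the hardened check.

```python
"""Ownership check for file UUIDs passed in a chat-messages `files` array.
Added illustration, not Dify's own code; FILES, its (tenant, owner) layout and the log format are assumptions."""
import json
from uuid import UUID

# Constructed sample upload store: file id -> (tenant_id, created_by).
# alice and bob share tenant-a; carol is in tenant-b.
FILES = {
    "0f1e2d3c-0000-4000-8000-000000000001": ("tenant-a", "alice"),
    "0f1e2d3c-0000-4000-8000-000000000002": ("tenant-a", "bob"),
    "0f1e2d3c-0000-4000-8000-000000000003": ("tenant-b", "carol"),
}

class FileAccessDenied(Exception):
    pass

def resolve_files_vulnerable(file_ids, user_id, tenant_id):
    """Existence-only lookup: any known UUID is accepted regardless of owner (the CWE-639 pattern)."""
    return [fid for fid in file_ids if fid in FILES]

def resolve_files(file_ids, user_id, tenant_id):
    """Hardened lookup: each id must parse as a UUID, exist, and belong to the caller's tenant and user."""
    resolved = []
    for raw in file_ids:
        try:
            fid = str(UUID(str(raw)))  # canonical lowercase form, so case or brace variants cannot slip past
        except ValueError:
            raise FileAccessDenied(f"malformed file id: {raw!r}")
        rec = FILES.get(fid)
        # One error for missing and foreign files, so the endpoint cannot be used to enumerate valid ids.
        if rec is None or rec != (tenant_id, user_id):
            raise FileAccessDenied(f"file not accessible: {fid}")
        resolved.append(fid)
    return resolved

def audit_requests(log_lines):
    """Replay logged requests (one JSON object per line, constructed layout) through the hardened
    check and return the (user, file id) pairs it refuses: what to investigate on an unpatched instance."""
    findings = []
    for line in log_lines:
        rec = json.loads(line)
        for fid in rec.get("files", []):
            try:
                resolve_files([fid], rec["user"], rec["tenant"])
            except FileAccessDenied:
                findings.append((rec["user"], fid))
    return findings
```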
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade Dify to version 1.14.0 or later, where this authorization bypass vulnerability has been fixed.
Until the upgrade can be applied, restrict access to the chat-messages endpoints to trusted users only and monitor for suspicious activity involving file UUIDs.
Additionally, review and tighten permission checks and access controls around file retrieval in the application if possible.