Description
Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
Published: 2026-05-18
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lets any authenticated Dify user bypass the authorization check on the file preview endpoint and read up to 3,000 characters of any uploaded document, across every tenant and workspace, with no check that the caller owns the file or belongs to the workspace that does. This is an insecure-direct-object-reference flaw, CWE-639 (Authorization Bypass Through User-Controlled Key): the file UUID in the URL is the only thing that selects the record, so possession of that identifier plus an ordinary session is enough to read the content. The impact is confined to confidentiality (both CVSS vectors rate integrity and availability impact as none), but it covers every document in the deployment whose identifier an attacker can obtain.
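To make the CWE-639 shape concrete, here is an added illustrative model of the two handler versions: one that only requires a login before looking the file up by UUID, and one that also checks that the file belongs to the caller's workspace, which is the check the recommended actions below call for. This is example code written for this page, not Dify's code; the names UploadFile, User, FILES, PREVIEW_LIMIT, preview_vulnerable and preview_fixed, and the sample documents, are assumptions. Only the 3,000-character limit and the endpoint's behaviour come from the advisory.

```python
"""Model of the file-preview authorization bypass and its fix (illustrative, not Dify's code)."""
import uuid
from dataclasses import dataclass

PREVIEW_LIMIT = 3000  # the advisory: up to 3,000 characters of the document are returned


@dataclass(frozen=True)
class UploadFile:          # assumed stand-in for the upload-file record
    id: str
    tenant_id: str         # the workspace that owns the upload
    content: str


@dataclass(frozen=True)
class User:                # assumed stand-in for the logged-in account
    id: str
    current_tenant_id: str  # the workspace the session is acting in


# Constructed sample data: one document in each of two workspaces.
TENANT_A, TENANT_B = "tenant-a", "tenant-b"
FILE_A_ID, FILE_B_ID = str(uuid.UUID(int=1)), str(uuid.UUID(int=2))
FILES = {
    FILE_A_ID: UploadFile(FILE_A_ID, TENANT_A, "A: quarterly revenue forecast " * 200),
    FILE_B_ID: UploadFile(FILE_B_ID, TENANT_B, "B: customer PII export " * 200),
}
OWNER_A = User("u-owner-a", TENANT_A)
ATTACKER = User("u-self-registered", TENANT_B)  # any freshly registered account


def _lookup(file_id):
    """Return the file for a well-formed UUID, or None if malformed or unknown."""
    try:
        uuid.UUID(file_id)
    except ValueError:
        return None
    return FILES.get(file_id)


def preview_vulnerable(user, file_id):
    """Authenticated, but the UUID is the only gate: any workspace's file leaks."""
    if user is None:
        return 401, ""  # login_required and nothing more
    f = _lookup(file_id)
    if f is None:
        return 404, ""
    return 200, f.content[:PREVIEW_LIMIT]


def preview_fixed(user, file_id):
    """Same lookup, plus the missing object-level authorization check."""
    if user is None:
        return 401, ""
    f = _lookup(file_id)
    # Treat another workspace's file exactly like a missing one, so the
    # response does not confirm that a leaked UUID exists.
    if f is None or f.tenant_id != user.current_tenant_id:
        return 404, ""
    return 200, f.content[:PREVIEW_LIMIT]
```

The fixed handler answers 404 rather than 403 for a cross-workspace file so that the endpoint cannot be used as an oracle for which UUIDs exist; the same check belongs on every route that dereferences a client-supplied file ID, not only on preview.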

Affected Systems

All Dify installations by Langgenius running version 1.14.1 or earlier are affected, self-hosted deployments and Dify Cloud alike. The flaw is in the console file preview API, which is reachable by every authenticated user regardless of which tenant or workspace owns the document.

Risk and Exploitability

With a CVSS v4.0 score of 8.2 the vulnerability is rated high (the CVSS v3.1 score recorded in the history below is 5.9; both vectors rate attack complexity high and privileges required none). The EPSS score is < 1% (approximately 0.00036), indicating a low predicted exploitation probability, but the attack itself is simple: the preview endpoint is reachable over the network, any attacker can create a free Dify Cloud account to authenticate, and a single request then returns the preview for any file UUID they have intercepted or otherwise obtained. Random UUIDs are not practically guessable, so the identifier has to leak (for example from a shared link, a log, or a browser session), which is what keeps the attack complexity high. The absence of a KEV listing suggests no known mass exploitation, yet the short attack path and the cross-tenant reach make it a significant data-leakage risk.

Generated by OpenCVE AI on May 26, 2026 at 19:31 UTC.

Remediation

No vendor advisory or workaround is linked on this page; the CVE description identifies 1.14.2 as the first version that is not affected.

OpenCVE Recommended Actions

  • Upgrade Dify to version 1.14.2 or later, the first version in which the file preview endpoint is no longer affected.
  • If you run a fork or cannot upgrade immediately, restrict /console/api/files/{file_id}/preview to the file's owner and enforce a tenant‑level check that the file belongs to the caller's current workspace; apply the same check to every other route that dereferences a client‑supplied file ID.
  • On self‑hosted deployments, disable open self‑registration or require identity verification before an account can reach console APIs (Dify Cloud's free sign‑up is controlled by the vendor, not by customers).
  • Monitor API logs for preview requests whose file ID belongs to a workspace the requesting account is not a member of, for bursts of preview requests from a single account or IP address, and for previews from newly created accounts.
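The monitoring item above is easiest to act on with a small script that joins preview requests against file ownership. Here is an added example of that detection logic run over a few constructed access-log lines; it is not Dify's code and the log format, the ownership and membership tables, and the names PREVIEW_RE, SAMPLE_LOG and analyze are assumptions (real deployments would read the equivalent columns from the application database and the reverse proxy log).

```python
"""Detect cross-workspace and high-volume preview requests (illustrative, not Dify's code)."""
import re
from collections import Counter

# Assumed log line shape: "<ts> acct=<id> ip=<addr> req="<method> <path> <proto>" status=<code>".
# The UUID capture is strict (8-4-4-4-12 hex), so malformed IDs are simply not counted.
PREVIEW_RE = re.compile(
    r'acct=(?P<acct>\S+) ip=(?P<ip>\S+) '
    r'req="GET /console/api/files/'
    r'(?P<file_id>[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12})/preview[^"]*" '
    r'status=(?P<status>\d{3})'
)

FILE_A = "11111111-1111-4111-8111-111111111111"
FILE_B = "22222222-2222-4222-8222-222222222222"
FILE_C = "33333333-3333-4333-8333-333333333333"

# Constructed ownership and membership tables.
FILE_WORKSPACE = {FILE_A: "ws-1", FILE_B: "ws-2", FILE_C: "ws-1"}
ACCOUNT_WORKSPACES = {"alice": {"ws-1"}, "bob": {"ws-2"}, "new-2026-05-19": {"ws-3"}}

# Constructed sample log: alice reads her own file, bob reads alice's file,
# a brand-new account sweeps three files it does not own, then a malformed ID.
SAMPLE_LOG = """\
2026-05-20T10:00:01Z acct=alice ip=10.0.0.5 req="GET /console/api/files/11111111-1111-4111-8111-111111111111/preview HTTP/1.1" status=200
2026-05-20T10:00:02Z acct=alice ip=10.0.0.5 req="GET /console/api/apps HTTP/1.1" status=200
2026-05-20T10:01:10Z acct=bob ip=10.0.0.9 req="GET /console/api/files/11111111-1111-4111-8111-111111111111/preview HTTP/1.1" status=200
2026-05-20T10:05:00Z acct=new-2026-05-19 ip=203.0.113.7 req="GET /console/api/files/11111111-1111-4111-8111-111111111111/preview HTTP/1.1" status=200
2026-05-20T10:05:01Z acct=new-2026-05-19 ip=203.0.113.7 req="GET /console/api/files/22222222-2222-4222-8222-222222222222/preview HTTP/1.1" status=200
2026-05-20T10:05:02Z acct=new-2026-05-19 ip=203.0.113.7 req="GET /console/api/files/33333333-3333-4333-8333-333333333333/preview HTTP/1.1" status=200
2026-05-20T10:05:03Z acct=new-2026-05-19 ip=203.0.113.7 req="GET /console/api/files/not-a-uuid/preview HTTP/1.1" status=404
"""


def analyze(log_text, file_workspace=FILE_WORKSPACE,
            account_workspaces=ACCOUNT_WORKSPACES, volume_threshold=3):
    """Return successful previews of files outside the caller's workspaces,
    plus accounts that issued at least volume_threshold successful previews."""
    cross_workspace = []
    per_account = Counter()
    for line in log_text.splitlines():
        m = PREVIEW_RE.search(line)
        if not m or m.group("status") != "200":
            continue  # not a successful preview: ignore
        acct, file_id = m.group("acct"), m.group("file_id")
        per_account[acct] += 1
        owner = file_workspace.get(file_id)
        # An unknown file ID is flagged too: it should not have returned 200.
        if owner is None or owner not in account_workspaces.get(acct, set()):
            cross_workspace.append((acct, file_id, m.group("ip")))
    high_volume = sorted(a for a, n in per_account.items() if n >= volume_threshold)
    return {
        "cross_workspace": cross_workspace,
        "high_volume": high_volume,
        "previews": sum(per_account.values()),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

On the sample above, bob's single read and all three reads by the new account are flagged as cross-workspace, and the new account also trips the volume threshold. After upgrading, drop the status filter so that the script also surfaces the 404s a patched server now returns for the same requests, since those show who is still trying.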

Advisories

No advisories yet.

History

Tue, 26 May 2026 17:00:00 +0000

Description
  Removed: Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
  Added: Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
Title
  Removed: Dify v1.14.1 Authorization Bypass via File Preview Endpoint
  Added: Dify < 1.14.2 Authorization Bypass via File Preview Endpoint
References

Tue, 19 May 2026 19:30:00 +0000

First Time appeared
  Added: Dify; Dify dify
CPEs
  Removed: cpe:2.3:a:langgenius:dify:*:*:*:*:*:node.js:*:*
  Added: cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*
Vendors & Products
  Added: Dify; Dify dify

Tue, 19 May 2026 19:00:00 +0000

CPEs
  Added: cpe:2.3:a:langgenius:dify:*:*:*:*:*:node.js:*:*

Tue, 19 May 2026 17:30:00 +0000

Metrics
  Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 18 May 2026 16:00:00 +0000

First Time appeared
  Added: Langgenius; Langgenius dify
Vendors & Products
  Added: Langgenius; Langgenius dify

Mon, 18 May 2026 14:30:00 +0000

Description
  Added: Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.
Title
  Added: Dify v1.14.1 Authorization Bypass via File Preview Endpoint
Weaknesses
  Added: CWE-639
References
Metrics
  Added: cvssV3_1 {'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}
  Added: cvssV4_0 {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T16:06:56.622Z

Reserved: 2026-04-22T18:50:43.622Z

Link: CVE-2026-41949

Vulnrichment

Updated: 2026-05-19T16:21:19.568Z

NVD

Status : Modified

Published: 2026-05-18T15:16:26.137

Modified: 2026-05-26T17:16:44.377

Link: CVE-2026-41949

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T19:45:06Z

Weaknesses