Skip to main content

Dify CVE-2026-41950

| EUVDEUVD-2026-27504 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-05-05 VulnCheck
6.0
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 05, 2026 - 21:33 vuln.today
CVSS changed
May 05, 2026 - 21:22 NVD
6.5 (MEDIUM) 6.0 (MEDIUM)

DescriptionCVE.org

Dify before version 1.14.0 contains an authorization bypass vulnerability that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. Attackers can exploit insufficient permission verification in the chat-messages endpoints to access files without ownership validation, bypassing workspace separation and signed URL protections to retrieve sensitive file contents through workflow processing.

AnalysisAI

Dify before version 1.14.0 allows authenticated users to bypass authorization controls and read arbitrary files uploaded by other users within the same tenant by supplying unauthorized file UUIDs in chat-messages API requests. The vulnerability exploits insufficient permission verification on file access endpoints, enabling attackers to circumvent workspace separation and signed URL protections to retrieve sensitive file contents processed through workflows. Publicly available exploit code exists, and a vendor-released patch (version 1.14.0) is available.

Technical ContextAI

Dify is an AI application development platform that manages file uploads and user collaboration within multi-tenant workspaces. The vulnerability resides in the chat-messages endpoints responsible for processing file references during workflow execution. The affected code fails to validate that the authenticated user owns or has explicit permission to access files identified by UUID before passing them to workflow processors. CWE-639 (Authorization Bypass Through User-Controlled Key) describes the root cause: the application accepts user-supplied file UUIDs as authorization credentials without verifying the requester's relationship to those resources. Attackers exploit this by crafting requests that reference file UUIDs belonging to other workspace members, leveraging the fact that Dify's internal processing mechanisms (workflow processors, file handlers) trust the UUID provided without re-validating ownership. The vulnerability affects the file access control layer across all tenant isolation boundaries within a single workspace.

RemediationAI

Upgrade to Dify version 1.14.0 or later immediately. The vendor has released a patched version available at https://github.com/langgenius/dify/releases/tag/1.14.0. For deployments unable to upgrade immediately, apply compensating controls: (1) Restrict chat-messages API endpoint access to a firewall rule permitting only trusted application servers or VPNs, reducing exposure to random attackers (trade-off: limits external integrations); (2) Implement strict file UUID logging and audit alerts on the chat-messages endpoint to detect anomalous UUID references not matching the authenticated user's file inventory (trade-off: requires operational monitoring overhead); (3) Enforce workspace-level file access policies at the application level by disabling file sharing across users until patched (trade-off: reduces collaboration features). Do not rely on signed URLs or workspace separation alone, as those are bypassed by this vulnerability. Review audit logs for unauthorized file access patterns using the exploit reference at https://huntr.com/bounties/181136ec-d957-4b75-8ea7-6fa7b8abd01d to understand attack signatures.

More in Dify

View all
CVE-2025-56157 CRITICAL POC
9.8 Dec 18

Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 al

CVE-2026-41948 CRITICAL POC
9.3 May 18

Path traversal in Dify versions 0 through 1.14.1 allows authenticated tenants to escape their authorized tenant path and

CVE-2026-41947 CRITICAL POC
9.3 May 18

Cross-tenant authorization bypass in LangGenius Dify versions through 1.14.1 lets any logged-in editor reroute another t

CVE-2025-1796 HIGH POC
8.8 Mar 20

A vulnerability in langgenius/dify v0.10.1 allows an attacker to take over any account, including administrator accounts

CVE-2026-61461 HIGH POC
8.7 Jul 10

SQL injection in Dify's MyScale vector store backend (versions before 1.16.0-rc1) lets authenticated attackers execute a

CVE-2026-41949 HIGH POC
8.2 May 18

Cross-tenant document disclosure in Dify 1.14.1 and prior allows any authenticated user to read up to 3,000 characters o

CVE-2024-12039 HIGH POC
8.1 Mar 20

langgenius/dify version v0.10.1 contains a vulnerability where there are no limits applied to the number of code guess a

CVE-2024-12776 HIGH POC
8.1 Mar 20

In langgenius/dify v0.10.1, the `/forgot-password/resets` endpoint does not verify the password reset code, allowing an

CVE-2025-43862 HIGH POC
7.6 Apr 25

Dify is an open-source LLM app development platform. Rated high severity (CVSS 7.6), this vulnerability is remotely expl

CVE-2024-11824 HIGH POC
7.6 Mar 20

A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log

CVE-2024-11822 HIGH POC
7.5 Mar 20

langgenius/dify version 0.9.1 contains a Server-Side Request Forgery (SSRF) vulnerability. Rated high severity (CVSS 7.5

CVE-2025-3466 HIGH POC
7.2 Jul 07

CVE-2025-3466 is a security vulnerability (CVSS 7.2). Risk factors: public PoC available. Vendor patch is available.

Share

CVE-2026-41950 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy