CVE-2026-41949 langgenius CVE debrief

Who should care

Organizations running self-hosted Dify instances or using Dify Cloud; security teams responsible for multi-tenant application security; developers building file handling APIs requiring tenant isolation.

Technical summary

The `/console/api/files/{file_id}/preview` endpoint in Dify 1.14.1 and prior fails to validate that the requesting authenticated user has ownership or workspace permissions for the target file. By obtaining or guessing a file UUID, any authenticated user can retrieve up to 3,000 characters of document content regardless of tenant or workspace boundaries. The vulnerability is classified as CWE-639 (Authorization Bypass Through User-Controlled Key).

Defensive priority

HIGH

Recommended defensive actions

• Upgrade to Dify version later than 1.14.1 or apply the patch from the vendor pull request
• Review access logs for unauthorized access to `/console/api/files/{file_id}/preview` with file UUIDs outside expected tenant/workspace scope
• Implement additional authorization checks at the API gateway or WAF layer for file preview endpoints pending patch deployment
• Consider disabling or restricting self-registration on Dify Cloud deployments if not required for business operations
• Rotate any sensitive documents that may have been exposed via file UUID enumeration
• Monitor for anomalous authenticated user behavior following free account registration

Evidence notes

Authorization bypass confirmed in file preview endpoint; no ownership or workspace permission checks; 3,000 character content extraction limit; unauthenticated self-registration on Dify Cloud lowers barrier to exploitation.

Official resources