Description
Dify before version 1.14.0 contains an authorization bypass vulnerability (CWE-639) that allows an authenticated user to read the full contents of files uploaded by other users in the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request. The chat-messages endpoints accept the UUID without verifying that the caller owns the referenced file, so a valid workspace session plus a file UUID is enough to have the file pulled into workflow processing and its contents returned, bypassing both workspace separation and the signed URL protection that guards direct file downloads.
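The pattern behind this advisory, shown as an added example rather than Dify's own code: a chat-messages style handler that resolves attached files by UUID alone (the vulnerable shape) next to one that binds the lookup to the caller's tenant and ownership (the hardened shape). The store, the field names (tenant_id, created_by, upload_file_id) and the request body are hypothetical and only loosely modelled on a chat-messages request; the sample users and files are constructed for the demonstration.

```python
"""CWE-639 in a file-attachment endpoint: lookup by user-controlled UUID
versus lookup bound to the caller. Added example; not Dify's code."""
from dataclasses import dataclass
import uuid


@dataclass(frozen=True)
class UploadFile:
    id: str          # UUID handed back to the uploader
    tenant_id: str   # workspace the file was uploaded into (assumed field name)
    created_by: str  # uploading user (assumed field name)
    name: str
    content: bytes


@dataclass(frozen=True)
class Caller:
    user_id: str
    tenant_id: str


class Forbidden(Exception):
    """Raised when a file id cannot be resolved for this caller."""


# Constructed sample data: Alice and Bob share tenant t1, Carol is in tenant t2.
ALICE = Caller("alice", "t1")
BOB = Caller("bob", "t1")
CAROL = Caller("carol", "t2")
ALICE_FILE_ID = "2f1c7c8e-8c1b-4d0a-9c6b-1a2b3c4d5e6f"
BOB_FILE_ID = "7a9e4b21-3c5d-4e6f-8a0b-9c1d2e3f4a5b"
FILES = {
    ALICE_FILE_ID: UploadFile(ALICE_FILE_ID, "t1", "alice", "payroll.csv", b"alice secret"),
    BOB_FILE_ID: UploadFile(BOB_FILE_ID, "t1", "bob", "notes.txt", b"bob notes"),
}


def resolve_files_vulnerable(store, caller, file_ids):
    """Resolves each UUID against the global table. Any authenticated caller
    who knows or guesses a UUID receives the file, whoever uploaded it."""
    found = []
    for fid in file_ids:
        f = store.get(fid)
        if f is None:
            raise KeyError(fid)
        found.append(f)
    return found


def resolve_files_hardened(store, caller, file_ids):
    """Resolves each UUID only if it is well-formed, exists, belongs to the
    caller's tenant and was uploaded by the caller. A mismatch raises the same
    error as a missing id, so the endpoint does not confirm which UUIDs exist."""
    found = []
    for fid in file_ids:
        try:
            uuid.UUID(fid)
        except ValueError:
            raise Forbidden(fid)
        f = store.get(fid)
        if f is None or f.tenant_id != caller.tenant_id or f.created_by != caller.user_id:
            raise Forbidden(fid)
        found.append(f)
    return found


def build_chat_message(store, caller, request, resolver):
    """Simulates the handler: attaches the resolved file contents to the
    message that downstream workflow processing would receive."""
    ids = [item["upload_file_id"] for item in request.get("files", [])]
    files = resolver(store, caller, ids)
    return {"query": request["query"],
            "attachments": [(f.name, f.content) for f in files]}


def attacker_can_read(store, attacker, file_id, resolver):
    """True if `attacker` can pull `file_id` through the handler with `resolver`."""
    request = {"query": "summarize the attached file",
               "files": [{"upload_file_id": file_id}]}
    try:
        msg = build_chat_message(store, attacker, request, resolver)
    except Forbidden:
        return False
    return len(msg["attachments"]) == 1


if __name__ == "__main__":
    for name, resolver in (("vulnerable", resolve_files_vulnerable),
                           ("hardened", resolve_files_hardened)):
        print(name, "bob reads alice's file:",
              attacker_can_read(FILES, BOB, ALICE_FILE_ID, resolver))
```

Whether "ownership" means the uploader alone or an app-scoped grant depends on the product's sharing model; the point the advisory makes is that the lookup must be bound to the caller rather than trusting the UUID, and that the binding has to live in every path that consumes file ids, not only in the signed download URL.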
References (3)
Patch (release notes): https://github.com/langgenius/dify/releases/tag/1.14.0
Exploit (technical description): https://huntr.com/bounties/181136ec-d957-4b75-8ea7-6fa7b8abd01d
Third-party advisory: https://www.vulncheck.com/advisories/dify-authorization-bypass-via-file-uuid
Scores
CVSS v3.1 base score: 6.5 (Medium)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (network attack vector, low complexity, low privileges required, no user interaction, high confidentiality impact, no integrity or availability impact)
EPSS: 0.0033 (percentile 24.2%)
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-639 (Authorization Bypass Through User-Controlled Key)
Status: published
Products (1): langgenius/dify < 1.14.0 (2 CPE variants)
Published: May 05, 2026
Tracked since: May 06, 2026