CyberSecurityBoardThreat Intel · CVEs · Products
Critical CVEs

CVE-2026-41949: Authorization Bypass in Dify File Preview Endpoint

June 25, 2026

An authorization bypass vulnerability (CVSS 7.5/5.9) in Dify's file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID.