CyberSecurityBoardThreat Intel · CVEs · Products
Critical CVEs

CVE-2026-41950: Authorization Bypass in Dify File Read Within Tenant

June 25, 2026

An authorization bypass vulnerability (CVSS 6.5) in Dify that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request.