An authorization bypass vulnerability (CVSS 6.5) in Dify that allows authenticated users to read the full contents of files uploaded by other users within the same tenant by supplying an arbitrary file UUID in the files array of a chat-messages request.