CVE-2026-41949 — Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across — CVE Database · The Intelligence Room