127 matches found
CVE-2026-24770
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server leading to Remote Code Execution via a malicious ZIP archive...
CVE-2026-24770
RAGFlow (open‑source RAG engine) has a Zip Slip flaw in the MinerUParser that affects v0.23.1 and possibly earlier. The vulnerability arises in the ZIP extraction path (MinerUParser, _extract_zip_no_root) where filenames inside archives aren’t sanitized, enabling overwriting of arbitrary server f...
RAGFlow path traversal vulnerability
RAGFlow is an open-source RAG engine based on deep document understanding, developed by InfiniFlow. Versions of RAGFlow prior to 0.23.1 contained a path traversal vulnerability. This vulnerability stemmed from an arbitrary file overwrite vulnerability in the MinerU parser, which could lead to...
CVE-2025-69286
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...
CVE-2025-68700
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...
CVE-2025-68700
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...
CVE-2025-69286 RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...
CVE-2025-69286
RAGFlow prior to 0.22.0 uses an insecure key generation algorithm for API keys and beta tokens. Both tokens are generated with the same URLSafeTimedSerializer and predictable inputs, so a user with the shared assistant/agent URL can derive the personal API key, granting full control over the owne...
CVE-2025-69286 RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...
CVE-2025-69286 RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...
EUVD-2025-206092
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta assistant/agent share auth token generation process allows these tokens to be mutually derivable. Specifically, both tokens are...
CVE-2025-68700 RAGFlow Remote Code Execution Vulnerability
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...
EUVD-2025-206093
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...
CVE-2025-68700 RAGFlow Remote Code Execution Vulnerability
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...
CVE-2025-68700
RAGFlow (pre-0.23.0) is affected by a Remote Code Execution vulnerability. An authenticated, low-privilege user can cause arbitrary commands on the server host via the frontend Canvas CodeExec component because untrusted stdout is parsed with eval() without filtering or sandboxing. This design fl...
CVE-2025-68700 RAGFlow Remote Code Execution Vulnerability
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...
RAGFlow 安全漏洞
RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow open source. A security vulnerability exists in RAGFlow versions prior to 0.23.0, which stems from the front-end Canvas CodeExec component using eval to parse untrusted data without filtering or sandboxing,...
RAGFlow 安全漏洞
RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A security vulnerability exists in RAGFlow versions prior to 0.22.0 that stems from the use of insecure key generation algorithms during API key and beta token generation, which could lead to...
PT-2025-54459
Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.23.0 Description RAGFlow is a Retrieval-Augmented Generation engine susceptible to arbitrary system command execution. A low-privileged authenticated user can execute commands on the server host process through the...
PT-2025-54469
Name of the Vulnerable Software and Affected Versions RAGFlow versions prior to 0.22.0 Description RAGFlow is a Retrieval-Augmented Generation engine. Versions prior to 0.22.0 utilize an insecure key generation algorithm when creating API keys and beta tokens assistant/agent share auth. This allo...