Infiniflow Ragflow vulnerabilities
17 known vulnerabilities affecting infiniflow/ragflow.
Total CVEs: 17
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 6, MEDIUM 4
Vulnerabilities
CVE-2026-24770 | P2 | CRITICAL | CVSS 9.8 | CWE-22 | Versions: ≤ 0.23.1 | Date: 2026-01-27 | Source: nvd
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remote Code Execution) via a malicious ZIP archive. The MinerUParser class retrieves and extracts Z

CVE-2024-12433 | P2 | CRITICAL | CVSS 9.8 | CWE-502 | Versions: ≥ 0.12.0, < 0.14.0 | Date: 2025-03-20 | Source: nvd
A vulnerability in infiniflow/ragflow versions v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey 'authkey=b'infiniflow-token4kevinhu'' which can be easily fetched by attackers to join the group communication without restrictions. Additionally, the server processes incoming data using pickle deserializati

CVE-2026-45312 | P2 | CRITICAL | CVSS 9.9 | CWE-1336 | Versions: ≤ 0.24.0 | Date: 2026-05-29 | Source: nvd
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas workflow with a DuckDuckGo + LLM component chain, a

CVE-2024-12450 | P2 | CRITICAL | CVSS 9.8 | CWE-918 | Versions: v0.12.0 | Date: 2025-03-20 | Source: nvd
In infiniflow/ragflow versions 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content through the generated PDF files. Additionally, the lack of restrictions o

CVE-2025-68700 | P2 | HIGH | CVSS 8.8 | CWE-78 | Versions: fixed in 0.23.0 | Date: 2025-12-31 | Source: nvd
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-privileged authenticated user (normal login account) can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox isolation. This occurs because untrusted data (stdout) is

CVE-2025-69286 | P2 | CRITICAL | CVSS 9.8 | CWE-340 | Versions: fixed in 0.22.0 | Date: 2025-12-31 | Source: nvd
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are generated using the same `URLSafeTimedSerializer

CVE-2026-28797 | P3 | HIGH | CVSS 8.8 | CWE-20 | Versions: ≤ 0.24.0 | Date: 2026-04-03 | Source: nvd
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components. These components use Python's jinja2.Template (unsandboxed) to render user-supplied templates, allowing an

CVE-2024-10131 | P2 | HIGH | CVSS 8.8 | CWE-94 | Versions: v0.11.0 | Date: 2024-10-19 | Source: nvd
The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['llm_name']` to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due

CVE-2025-27135 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | Versions: ≤ 0.15.1 | Date: 2025-02-25 | Source: nvd
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched version is available.

CVE-2025-48187 | P3 | CRITICAL | CVSS 9.8 | CWE-307 | Versions: ≤ 0.18.1 | Date: 2025-05-17 | Source: nvd
RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.

CVE-2025-25282 | P3 | HIGH | CVSS 8.1 | CWE-639 | Versions: ≥ 0.13.0, < 0.14.1; ≤ 0.13.0 | Date: 2025-02-21 | Source: nvd
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts, add user account into other tenant). Unauthorized cross-tenant access: list

CVE-2024-12779 | P3 | HIGH | CVSS 7.5 | CWE-918 | Versions: v0.12.0 | Date: 2025-03-20 | Source: nvd
A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the `POST /v1/llm/add_llm` and `POST /v1/conversation/tts` endpoints. Attackers can specify an arbitrary URL as the `api_base` when adding an `OPENAITTS` model, and subsequently access the `tts` REST API endpoint to read conte

CVE-2024-53450 | P3 | HIGH | CVSS 7.5 | CWE-125 | Versions: v0.13.0 | Date: 2024-12-09 | Source: nvd
RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents.

CVE-2024-12880 | P3 | MEDIUM | CVSS 6.5 | CWE-639 | Versions: v0.13.0 | Date: 2025-03-20 | Source: nvd
A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and access API tokens of other tenants. This vulnerability aff

CVE-2025-51462 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | Versions: v0.17.2 | Date: 2025-07-22 | Source: nvd
Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialog_app.set_dialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a markdown component with rehype-raw.

CVE-2024-12871 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | Versions: v0.12.0 | Date: 2025-03-20 | Source: nvd
An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the payload is executed in the context of the user's browser. This can lead to session hijacking, data exfiltration, or unauthorized actions performed on behalf of the victim, compr

CVE-2024-12869 | P4 | MEDIUM | CVSS 4.3 | CWE-306 | Versions: v0.12.0 | Date: 2025-03-20 | Source: nvd
In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed without their consent. This data leakage can facilita