VYPR

Ragflow

by Infiniflow

CVEs (16)

  • CVE-2026-45312 | Critical | May 29, 2026
    risk 0.64 | cvss 9.9 | epss 0.00

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can…

  • CVE-2026-28797 | High | Apr 3, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components. These components use Python's…

  • CVE-2024-12870 | Medium | Mar 20, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in infiniflow/ragflow, affecting the latest commit on the main branch (cec2080). The vulnerability allows an attacker to upload HTML/XML files that can host arbitrary JavaScript payloads. These files are served with the…

  • CVE-2026-24770 | Jan 27, 2026
    risk 0.00 | cvss n/a | epss 0.01

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remote Code Execution) via a…

  • CVE-2025-69286 | Dec 31, 2025
    risk 0.00 | cvss n/a | epss 0.00

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable.…

  • CVE-2025-68700 | Dec 31, 2025
    risk 0.00 | cvss n/a | epss 0.00

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-privileged authenticated user (normal login account) can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely…

  • CVE-2025-48187 | May 17, 2025
    risk 0.00 | cvss n/a | epss 0.00

    RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.

  • CVE-2024-12779 | Mar 20, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability exists in infiniflow/ragflow version 0.12.0. The vulnerability is present in the `POST /v1/llm/add_llm` and `POST /v1/conversation/tts` endpoints. Attackers can specify an arbitrary URL as the `api_base` when adding an…

  • CVE-2024-12869 | Mar 20, 2025
    risk 0.00 | cvss n/a | epss 0.01

    In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite…

  • CVE-2024-12871 | Mar 20, 2025
    risk 0.00 | cvss n/a | epss 0.00

    An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the payload is executed in the context of the user's browser. This can lead to session hijacking, data…

  • CVE-2024-12450 | Mar 20, 2025
    risk 0.00 | cvss n/a | epss 0.01

    In infiniflow/ragflow version 0.12.0, the `web_crawl` function in `document_app.py` contains multiple vulnerabilities. The function does not filter URL parameters, allowing attackers to exploit Full Read SSRF by accessing internal network addresses and viewing their content…

  • CVE-2024-12433 | Mar 20, 2025
    risk 0.00 | cvss n/a | epss 0.02

    A vulnerability in infiniflow/ragflow version v0.12.0 allows for remote code execution. The RPC server in RagFlow uses a hard-coded AuthKey, `authkey=b'infiniflow-token4kevinhu'`, which can be easily fetched by attackers to join the group communication without restrictions.…

  • CVE-2024-12880 | Mar 20, 2025
    risk 0.00 | cvss n/a | epss 0.01

    A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access…

  • CVE-2025-27135 | Feb 25, 2025
    risk 0.00 | cvss n/a | epss 0.01

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. Versions 0.15.1 and prior are vulnerable to SQL injection. The ExeSQL component extracts the SQL statement from the input and sends it directly to the database query. As of time of publication, no patched…

  • CVE-2025-25282 | Feb 21, 2025
    risk 0.00 | cvss n/a | epss 0.00

    RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine based on deep document understanding. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability that may lead to unauthorized cross-tenant access (list tenant user accounts,…

  • CVE-2024-10131 | Oct 19, 2024
    risk 0.00 | cvss n/a | epss 0.01

    The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['llm_name']` to dynamically instantiate classes from various model dictionaries.…
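The two template-injection entries above (CVE-2026-45312 and CVE-2026-28797) share one root cause: text an authenticated user controls is compiled as template source, so template syntax inside it is evaluated instead of being treated as data. The following is an added example and not RAGFlow's code; the prompt skeleton, function names and probe string are hypothetical, and it needs the jinja2 package.

```python
"""Template injection in a prompt builder: user text as template source vs. as data.

Added example, not RAGFlow's code. PROMPT_SKELETON, the function names and the
PROBE string are constructed for the demo. Requires jinja2.
"""
from jinja2 import BaseLoader, Environment
from jinja2.sandbox import SandboxedEnvironment

# Operator-controlled part of the prompt (hypothetical).
PROMPT_SKELETON = "You are a retrieval assistant.\nUser question: "

# A marker expression: an engine that compiles it as a template prints 49,
# one that treats it as data prints it back verbatim.
PROBE = "What is {{ 7 * 7 }}?"


def build_prompt_vulnerable(user_question: str) -> str:
    """Concatenates untrusted text into the template source, so any {{ }} or
    {% %} the user supplies is compiled and evaluated by Jinja2."""
    env = Environment(loader=BaseLoader())
    return env.from_string(PROMPT_SKELETON + user_question).render()


def build_prompt_hardened(user_question: str) -> str:
    """Template source is fixed; user text enters only as a context variable.
    The sandboxed environment additionally restricts what operator-written
    templates can reach (attribute access, unsafe callables)."""
    env = SandboxedEnvironment(loader=BaseLoader())
    template = env.from_string(PROMPT_SKELETON + "{{ user_question }}")
    return template.render(user_question=user_question)


def demo() -> dict:
    """Run the probe through both builders."""
    return {
        "vulnerable": build_prompt_vulnerable(PROBE),
        "hardened": build_prompt_hardened(PROBE),
    }


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"--- {name} ---\n{out}\n")
```

The sandbox is defence in depth only: it still compiles and evaluates whatever is in the template source, so it does not rescue the vulnerable builder. The fix that matters is the separation of fixed template source from user-supplied context values.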
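The MinerU parser entry (CVE-2026-24770) is a Zip Slip: an archive entry name containing `..` components or an absolute path makes a trusting extractor write outside its working directory. The following is an added example, not RAGFlow's or MinerU's code; the archive contents and the directory paths are constructed for the demo. It shows where a naive extractor would write, and an extractor that validates every entry against the resolved root before writing anything.

```python
"""Zip Slip: archive entries whose names escape the extraction directory.

Added example, not RAGFlow's or MinerU's code. The archive built by
make_sample_zip() and the paths used in the demo are constructed.
"""
import io
import os
import tempfile
import zipfile


def make_sample_zip(hostile: bool = True) -> bytes:
    """Build an in-memory archive: one benign entry and, if hostile, two entries
    that point outside the extraction root (relative traversal and absolute path)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc/page1.txt", "harmless parsed page")
        if hostile:
            zf.writestr("../escape.txt", "lands in the parent of the extraction dir")
            zf.writestr("/etc/cron.d/evil", "absolute name ignores the extraction dir")
    return buf.getvalue()


def naive_targets(zip_bytes: bytes, dest: str) -> list:
    """Paths a hand-rolled extractor writes to when it trusts entry names:
    os.path.join discards dest for absolute names, and '..' walks upward.
    Paths are computed only; nothing is written."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [os.path.normpath(os.path.join(dest, name)) for name in zf.namelist()]


def escaping_entries(zip_bytes: bytes, dest: str) -> list:
    """Entry names that resolve outside dest once symlinks and '..' are collapsed."""
    root = os.path.realpath(dest)
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                bad.append(info.filename)
    return bad


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Validate every entry before writing any, so a hostile archive leaves no
    partial extraction behind. Returns the file paths written."""
    bad = escaping_entries(zip_bytes, dest)
    if bad:
        raise ValueError(f"archive entries escape extraction root: {bad}")
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(root, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def demo() -> dict:
    """Feed a hostile and a clean archive to safe_extract in a throwaway directory."""
    with tempfile.TemporaryDirectory() as dest:
        try:
            safe_extract(make_sample_zip(hostile=True), dest)
            refused = False
        except ValueError:
            refused = True
        left_behind = os.listdir(dest)            # nothing should have been written
        written = safe_extract(make_sample_zip(hostile=False), dest)
        all_present = all(os.path.isfile(p) for p in written)
    return {"refused": refused, "left_behind": left_behind,
            "written": len(written), "all_present": all_present}


if __name__ == "__main__":
    print(naive_targets(make_sample_zip(), "/srv/app/work"))
    print(demo())
```

Checking against `os.path.realpath(dest)` rather than the raw string also catches entries that traverse through a symlink inside the extraction directory, which a plain `startswith` test on the joined string would miss.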
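The account-takeover entry (CVE-2025-48187) comes down to arithmetic: a six-digit code has a million values, and with no attempt limit an attacker needs about half of them on average. The following is an added example, not RAGFlow's code; the in-memory store, the limits and the address used in the demo are hypothetical choices. It caps wrong guesses per issued code, expires codes, makes them single use, and compares in constant time.

```python
"""Verification-code check with attempt limiting, expiry and single use.

Added example, not RAGFlow's code. The store layout, MAX_ATTEMPTS,
CODE_TTL_SECONDS and the demo address are constructed for the example.
"""
import hmac
import secrets
import time

CODE_DIGITS = 6
MAX_ATTEMPTS = 5           # wrong guesses allowed per issued code
CODE_TTL_SECONDS = 600     # a code is dead ten minutes after issue


def expected_guesses(digits: int) -> int:
    """Average guesses needed against an unthrottled check: half the code space."""
    return 10 ** digits // 2


def issue_code(store: dict, email: str, now: float = None) -> str:
    """Generate a fresh code from the CSPRNG and reset the attempt counter."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
    store[email] = {"code": code, "attempts": 0, "issued": now}
    return code


def verify_code(store: dict, email: str, submitted: str, now: float = None) -> bool:
    """True only for the current, unexpired code, within the attempt budget."""
    now = time.time() if now is None else now
    entry = store.get(email)
    if entry is None:
        return False
    if now - entry["issued"] > CODE_TTL_SECONDS:
        del store[email]
        return False
    if entry["attempts"] >= MAX_ATTEMPTS:
        return False                       # locked until a new code is issued
    entry["attempts"] += 1
    if not hmac.compare_digest(entry["code"].encode(), submitted.encode()):
        return False
    del store[email]                       # single use
    return True


def demo() -> dict:
    """Walk through the limits with a fixed clock (constructed address)."""
    store = {}
    email = "user@example.com"
    code = issue_code(store, email, now=1000.0)
    wrong = "000000" if code != "000000" else "000001"
    wrong_results = [verify_code(store, email, wrong, now=1001.0)
                     for _ in range(MAX_ATTEMPTS)]
    locked_out = verify_code(store, email, code, now=1002.0)   # right code, cap hit
    code = issue_code(store, email, now=2000.0)
    accepted = verify_code(store, email, code, now=2001.0)
    replayed = verify_code(store, email, code, now=2002.0)
    code = issue_code(store, email, now=3000.0)
    expired = verify_code(store, email, code, now=3000.0 + CODE_TTL_SECONDS + 1)
    return {"wrong": wrong_results, "right_code_after_cap": locked_out,
            "fresh_code_accepted": accepted, "replay": replayed, "expired": expired}


if __name__ == "__main__":
    print("expected guesses, unthrottled:", expected_guesses(CODE_DIGITS))
    print(demo())
```

With the cap, one issued code gives an attacker at most `MAX_ATTEMPTS` guesses, a success chance of 5 in a million. That only holds if issuing a new code is itself throttled per address and per source, since each re-issue resets the budget; the per-code counter is necessary, not sufficient.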