CRITICAL🇵🇱 Wersja polska

CVE-2026-45312

CVSS 9.9v3.1pub. 2026-05-29upd. 2026-06-02

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas workflow with a DuckDuckGo + LLM component chain, and trigger the SSTI.

🤖 AI Analysis
How it works

The file rag/prompts/generator.py processes user input using the Jinja2 template engine without proper sanitization, resulting in a CWE-1336 vulnerability (improper neutralization of special elements in templates). An attacker creates a Canvas workflow containing a DuckDuckGo component connected to an LLM component and injects a malicious Jinja2 payload into the prompt field. Upon workflow execution, the server evaluates the template, leading to execution of embedded system commands. The vulnerability does not require elevated privileges – a regular user account is sufficient.

Impact

An attacker can gain full control over the server by remotely executing arbitrary operating system commands (RCE), enabling data theft, backdoor installation, privilege escalation, and compromise of confidentiality, integrity, and availability of the entire system. Due to the scope of impact (Scope: Changed in CVSS vector), the consequences may extend beyond the directly affected application component.

Mitigation & patch

Apply patches available from the vendor according to the references (GHSA-wpg4-h5g2-jxm6 advisory on GitHub). Until the update is applied, it is recommended to restrict new user registration and monitor activity in the Canvas module. If RAGFlow is publicly exposed, consider temporarily blocking access or placing the instance behind a firewall/VPN.

Who is affected

RAGFlow (open-source, infiniflow/ragflow project) versions 0.24.0 and earlier

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References