CVE-2026-28797

EUVD-2026-18876

03.04.2026, 22:16

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components. These components use Python's jinja2.Template (unsandboxed) to render user-supplied templates, allowing any authenticated user to execute arbitrary operating system commands on the server. At time of publication, there are no publicly available patches.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 27%

Affected Products (NVD)

Vendor	Product	Version
infiniflow	ragflow	𝑥 ≤ 0.24.0

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/infiniflow/ragflow/security/advisories/GHSA-vvwj-fvwh-4whx

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://github.com/infiniflow/ragflow/security/advisories/GHSA-vvwj-fvwh-4whx