CVE-2026-45312
9.9 CRITICAL
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine
Published: 2026-05-29 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 9.9 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- CWE: CWE-1336
Description
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas workflow with a DuckDuckGo + LLM component chain, and trigger the SSTI.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-41065 — Tautulli is a Python based monitoring and tracking tool for Plex Media Server
- CVE-2026-34906 — Server-Side Template Injection (SSTI) in Wirtualna Uczelnia allows an unauthenticated attacker to perform Remote Code Execution (RCE)
- CVE-2026-42252 — Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `Ba... (9.1 CRITICAL)
- CVE-2026-45697 — Formie is a Craft CMS plugin for creating forms (9.8 CRITICAL)
- CVE-2026-49382 — In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin (4.5 MEDIUM)