CVE-2026-45312
Received
Published: 29 May 2026, 12:24
Last modified:29 May 2026, 12:24
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9.9 CRITICAL
v3.1 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
29 May 2026, 12:24
Published
Vulnerability first disclosed
Description
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas workflow with a DuckDuckGo + LLM component chain, and trigger the SSTI.
CVSS Metrics
- v3.1•CRITICAL•Score: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Techniques & Countermeasures
- CWE-1336•Improper Neutralization of Special Elements Used in a Template Engine
The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
Affected Systems
- infiniflow•ragflow
≤ 0.24.0