[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2026-45312":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-29T13:18:49.423Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":19,"aliases":20,"duplicate_of":9,"upstream":21,"downstream":22,"duplicates":23,"related":24,"reserved_at":9,"published_at":25,"modified_at":25,"state":26,"summary":27,"references_raw":34,"kevs":41,"epss":9,"epss_history":42,"metrics":43,"affected":51},"CVE-2026-45312","RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas workflow with a DuckDuckGo + LLM component chain, and trigger the server-side template injection (SSTI).",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-1336","Improper Neutralization of Special Elements Used in a Template Engine","The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.","weakness","Incomplete","Base",[],[],[],[],[],[],[],"2026-05-29T12:24:07.996Z","Received",{"cisa_kev":28,"cisa_ransomware":28,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":29,"severity_score":30,"severity_version":31,"severity_source":32,"severity_vector":33,"severity_status":26},false,"critical",9.9,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",[35],{"url":36,"sources":37,"tags":39},"https://github.com/infiniflow/ragflow/security/advisories/GHSA-wpg4-h5g2-jxm6",[32,38],"nvd",[40],"X Refsource CONFIRM",[],[],[44,49],{"source":32,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":45,"cvss_v4_0":9},{"baseScore":30,"baseSeverity":46,"vectorString":33,"impactScore":47,"exploitabilityScore":48},"CRITICAL",10,7.9,{"source":38,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":50,"cvss_v4_0":9},{"baseScore":30,"baseSeverity":46,"vectorString":33,"impactScore":47,"exploitabilityScore":48},[52],{"ecosystem":9,"name":53,"vendor":54,"product":53,"cpe_part":55,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":56},"ragflow","infiniflow","a",[57],{"version":58,"is_range":59,"range_type":32,"version_start":9,"version_start_type":9,"version_end":60,"version_end_type":61,"fixed_in":9},"\u003C= 0.24.0",true,"0.24.0","including"]