Advanced Threat Data Export

Filter and download the raw CVE repository (CSV/JSON) for SIEM integration and internal reporting.

Vulnerability Keyword

Date Range

Severity

Format

Upgrade Package

Data export is locked. Upgrade your package to enable filtering and downloading.

← Back to CVE List

CVE-2026-45312NVD

Description

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas workflow with a DuckDuckGo + LLM component chain, and trigger the SSTI.

Severity Level

CRITICAL (9.9)

Published Date

29/05/2026

Last Modified

29/05/2026

Exploitation Status

UNKNOWN

References

https://github.com/infiniflow/ragflow/security/advisories/GHSA-wpg4-h5g2-jxm6