CVE-2026-45312NVD

Vulnerability Summary

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/generator.py) allows any authenticated user to execute arbitrary OS commands on the server. Any normal user can register, create a Canvas workflow with a DuckDuckGo + LLM component chain, and trigger the SSTI.

Severity Level

CRITICAL(9.9)

Published Date

May 29, 2026

Last Modified

Jun 2, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

CWE-1336: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://github.com/infiniflow/ragflow/security/advisories/GHSA-wpg4-h5g2-jxm6
https://github.com/infiniflow/ragflow/security/advisories/GHSA-wpg4-h5g2-jxm6