CVE-2026-28797
HIGHRAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component
Title source: cnaDescription
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components. These components use Python's jinja2.Template (unsandboxed) to render user-supplied templates, allowing any authenticated user to execute arbitrary operating system commands on the server. At time of publication, there are no publicly available patches.
References (1)
Core 1
Core References
X_Refsource_Confirm x_refsource_confirm
https://github.com/infiniflow/ragflow/security/advisories/GHSA-vvwj-fvwh-4whx
Scores
CVSS v3
8.8
EPSS
0.0039
EPSS Percentile
30.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-1336
CWE-20
CWE-78
CWE-94
Status
published
Products (2)
infiniflow/ragflow
< 0.24.0
infiniflow/ragflow
<= 0.24.0
Published
Apr 03, 2026
Tracked Since
Apr 04, 2026