Platform: python
Component: ragflow
Fixed in: 0.24.1
A critical Server-Side Template Injection (SSTI) vulnerability (CVE-2026-28797) has been identified in RAGFlow, an open-source Retrieval-Augmented Generation (RAG) engine. This flaw allows authenticated users to execute arbitrary operating system commands on the server due to the unsandboxed use of Python's jinja2.Template within the Agent workflow's Text Processing (StringTransform) and Message components. The vulnerability affects versions 0.0.0 through 0.24.0, and a patch is available in version 0.24.1.
The impact of this vulnerability is severe. An attacker, possessing valid authentication credentials, can leverage the SSTI flaw to inject malicious templates that execute arbitrary code on the server hosting the RAGFlow instance. This could lead to complete system compromise, including data exfiltration, modification, or deletion. The attacker could potentially gain persistent access to the system, install malware, or pivot to other systems within the network. Given RAGFlow's role in processing and augmenting data, the attacker could also manipulate the retrieval and generation processes, leading to the dissemination of false or misleading information.
CVE-2026-28797 was publicly disclosed on 2026-04-03. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. This vulnerability shares similarities with other SSTI vulnerabilities, where attackers can leverage template engines to execute arbitrary code. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Exploit Status
EPSS: 0.08% (23rd percentile)
The primary mitigation is to upgrade to RAGFlow version 0.24.1 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider implementing temporary workarounds. Input validation is crucial; strictly sanitize and validate all user-supplied templates before rendering them. Implement template sandboxing to restrict the available functions and resources within the template execution environment. Review and restrict permissions for authenticated users to minimize the potential impact of a successful attack. Consider implementing a Web Application Firewall (WAF) with rules to detect and block malicious template injection attempts.
Update RAGFlow to version 0.24.1 or higher to mitigate the Server-Side Template Injection (SSTI) vulnerability. This update addresses the insecure use of jinja2.Template, preventing the execution of arbitrary commands on the server.
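To make the "template sandboxing" workaround concrete, here is an added example (not code from RAGFlow or this advisory) that places the unsandboxed `jinja2.Template` pattern the advisory describes beside a replacement built on `jinja2.sandbox.SandboxedEnvironment`. The render helpers and the sample context (`text`, `chunks`) are constructed for illustration; the sandbox refuses underscore-prefixed (internal) attributes and unknown names, while benign text-processing templates render identically in both.

```python
"""Rendering user-supplied Jinja2 templates: unsandboxed vs. sandboxed."""
from typing import Optional

from jinja2 import StrictUndefined, Template, UndefinedError
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment


def render_unsandboxed(template_src: str, context: dict) -> str:
    """The risky pattern: jinja2.Template has full access to the Python
    object model, so a crafted template is equivalent to arbitrary code."""
    return Template(template_src).render(**context)


# Hypothetical hardened replacement: one shared sandbox for user templates.
_SANDBOX = SandboxedEnvironment(
    autoescape=False,
    undefined=StrictUndefined,  # unknown names fail instead of rendering ""
)


def render_sandboxed(template_src: str, context: dict) -> Optional[str]:
    """Render in the sandbox; return None when the template is refused.

    SandboxedEnvironment.is_safe_attribute rejects any attribute whose name
    starts with '_' and any internal attribute, returning an Undefined that
    raises SecurityError as soon as the template tries to use it.
    """
    try:
        return _SANDBOX.from_string(template_src).render(**context)
    except SecurityError:
        return None  # attribute or call the sandbox considers unsafe
    except UndefinedError:
        return None  # template referenced a name the caller never supplied


if __name__ == "__main__":
    # Constructed sample context, loosely modelled on a text-processing node.
    ctx = {"text": "hello world", "chunks": ["a", "b"]}

    benign = "{{ text | upper }} ({{ chunks | length }} chunks)"
    assert render_unsandboxed(benign, ctx) == render_sandboxed(benign, ctx)

    # Access to internal attributes is allowed by jinja2.Template but
    # refused by the sandbox; this is the check a unit test should keep.
    probe = "{{ text.__class__ }}"
    print(render_unsandboxed(probe, ctx))  # <class 'str'>
    print(render_sandboxed(probe, ctx))    # None
```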
CVE-2026-28797 is a Server-Side Template Injection vulnerability in RAGFlow versions 0.0.0–0.24.0, allowing authenticated users to execute OS commands via unsandboxed template rendering.
If you are using RAGFlow versions 0.0.0 through 0.24.0, you are potentially affected by this vulnerability. Upgrade to version 0.24.1 or later to mitigate the risk.
The recommended fix is to upgrade to RAGFlow version 0.24.1 or later. As a temporary workaround, implement strict input validation and template sandboxing.
As of the current disclosure date, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation.
Refer to the official RAGFlow project repository and security advisories for the latest information and updates regarding CVE-2026-28797.