Platform
python
Component
ragflow
Fixed in
0.24.1
A critical Server-Side Template Injection (SSTI) vulnerability (CVE-2026-28797) has been identified in RAGFlow, an open-source Retrieval-Augmented Generation (RAG) engine. This flaw allows authenticated users to execute arbitrary operating system commands on the server due to the unsandboxed use of Python's jinja2.Template within the Agent workflow's Text Processing (StringTransform) and Message components. The vulnerability affects versions 0.0.0 through 0.24.0, and a patch is available in version 0.24.1.
The impact of this vulnerability is severe. An attacker, possessing valid authentication credentials, can leverage the SSTI flaw to inject malicious templates that execute arbitrary code on the server hosting the RAGFlow instance. This could lead to complete system compromise, including data exfiltration, modification, or deletion. The attacker could potentially gain persistent access to the system, install malware, or pivot to other systems within the network. Given RAGFlow's role in processing and augmenting data, the attacker could also manipulate the retrieval and generation processes, leading to the dissemination of false or misleading information.
CVE-2026-28797 was publicly disclosed on 2026-04-03. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. This vulnerability shares similarities with other SSTI vulnerabilities, where attackers can leverage template engines to execute arbitrary code. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Organizations utilizing RAGFlow for retrieval-augmented generation, particularly those deploying it in production environments with user-supplied templates, are at risk. This includes research institutions, content creation platforms, and any application leveraging RAGFlow's capabilities. Legacy deployments using older versions of RAGFlow are especially vulnerable.
• python: Check RAGFlow version using python -c "import ragflow; print(ragflow.version)". Versions prior to 0.24.1 are vulnerable.
• linux / server: Monitor system logs (e.g., /var/log/syslog, /var/log/auth.log) for suspicious activity related to template rendering or command execution.
• generic web: Inspect RAGFlow application logs for errors or unusual activity related to template processing. Look for patterns indicative of template injection attempts.
• generic web: Use curl to test endpoints that utilize user-supplied templates, looking for unexpected behavior or error messages.
Exploit Status: disclosure
EPSS: 0.08% (23rd percentile)
The primary mitigation is to upgrade to RAGFlow version 0.24.1 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider implementing temporary workarounds. Input validation is crucial; strictly sanitize and validate all user-supplied templates before rendering them. Implement template sandboxing to restrict the available functions and resources within the template execution environment. Review and restrict permissions for authenticated users to minimize the potential impact of a successful attack. Consider implementing a Web Application Firewall (WAF) with rules to detect and block malicious template injection attempts.
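As an added illustration (not RAGFlow's own code), the unsandboxed jinja2.Template pattern named in this advisory is shown beside a sandboxed rendering path of the kind the workaround above describes; the Record class, the sample templates and the render_* helpers are assumptions constructed for this example.

```python
"""Unsandboxed jinja2.Template versus a sandboxed rendering path.
Added example; not RAGFlow code. Record and the helpers are constructed."""
from dataclasses import dataclass

from jinja2 import StrictUndefined, Template
from jinja2.exceptions import SecurityError
from jinja2.sandbox import ImmutableSandboxedEnvironment


@dataclass
class Record:
    """Constructed stand-in for an object a workflow exposes to a template."""
    title: str
    _internal: str = "not for templates"


def render_unsandboxed(template_src: str, **ctx) -> str:
    """Vulnerable pattern: a user-controlled template string compiled with
    jinja2.Template, which places no restriction on attribute access."""
    return Template(template_src).render(**ctx)


# Hardened environment: the sandbox refuses private/dunder attributes and
# in-place mutation; StrictUndefined turns a blocked lookup into an error
# instead of silently rendering it as an empty string (it also makes
# genuinely missing variables fail loudly, which is desirable here).
_SANDBOX = ImmutableSandboxedEnvironment(autoescape=False, undefined=StrictUndefined)


def render_sandboxed(template_src: str, **ctx) -> str:
    """Same template, rendered through the sandbox.
    Raises jinja2.exceptions.SecurityError on a blocked operation."""
    return _SANDBOX.from_string(template_src).render(**ctx)


def render_for_user(template_src: str, **ctx) -> tuple[bool, str]:
    """Wrapper a workflow component could call: returns (ok, output), and a
    sandbox violation yields (False, reason) rather than an exception."""
    try:
        return True, render_sandboxed(template_src, **ctx)
    except SecurityError as exc:
        return False, f"template rejected: {exc}"


if __name__ == "__main__":
    rec = Record(title="Quarterly report")
    benign = "Summary: {{ rec.title | upper }}"   # constructed sample
    probing = "{{ rec._internal }}"                # constructed sample
    print(render_unsandboxed(benign, rec=rec))     # Summary: QUARTERLY REPORT
    print(render_unsandboxed(probing, rec=rec))    # leaks the private attribute
    print(render_for_user(benign, rec=rec))        # (True, 'Summary: QUARTERLY REPORT')
    print(render_for_user(probing, rec=rec))       # (False, 'template rejected: ...')
```

The Jinja2 sandbox limits what a template can reach but is not a substitute for the vendor fix; upgrading to 0.24.1 remains the primary mitigation.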
Update RAGFlow to version 0.24.1 or later to mitigate the Server-Side Template Injection (SSTI) vulnerability. This update addresses the unsafe use of jinja2.Template, preventing the execution of arbitrary commands on the server.
CVE-2026-28797 is a Server-Side Template Injection vulnerability in RAGFlow versions 0.0.0–0.24.0, allowing authenticated users to execute OS commands via unsandboxed template rendering.
If you are using RAGFlow versions 0.0.0 through 0.24.0, you are potentially affected by this vulnerability. Upgrade to version 0.24.1 or later to mitigate the risk.
The recommended fix is to upgrade to RAGFlow version 0.24.1 or later. As a temporary workaround, implement strict input validation and template sandboxing.
As of the current disclosure date, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation.
Refer to the official RAGFlow project repository and security advisories for the latest information and updates regarding CVE-2026-28797.