Platform
python
Component
ragflow
Fixed in
0.24.1
A critical Server-Side Template Injection (SSTI) vulnerability (CVE-2026-28797) has been identified in RAGFlow, an open-source Retrieval-Augmented Generation (RAG) engine. This flaw allows authenticated users to execute arbitrary operating system commands on the server due to the unsandboxed use of Python's jinja2.Template within the Agent workflow's Text Processing (StringTransform) and Message components. The vulnerability affects versions 0.0.0 through 0.24.0, and a patch is available in version 0.24.1.
The impact of this vulnerability is severe. An attacker, possessing valid authentication credentials, can leverage the SSTI flaw to inject malicious templates that execute arbitrary code on the server hosting the RAGFlow instance. This could lead to complete system compromise, including data exfiltration, modification, or deletion. The attacker could potentially gain persistent access to the system, install malware, or pivot to other systems within the network. Given RAGFlow's role in processing and augmenting data, the attacker could also manipulate the retrieval and generation processes, leading to the dissemination of false or misleading information.
CVE-2026-28797 was publicly disclosed on 2026-04-03. Currently, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. This vulnerability shares similarities with other SSTI vulnerabilities, where attackers can leverage template engines to execute arbitrary code. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Organizations utilizing RAGFlow for retrieval-augmented generation, particularly those deploying it in production environments with user-supplied templates, are at risk. This includes research institutions, content creation platforms, and any application leveraging RAGFlow's capabilities. Legacy deployments using older versions of RAGFlow are especially vulnerable.
• python: Check the RAGFlow version using python -c "import ragflow; print(ragflow.__version__)". Versions prior to 0.24.1 are vulnerable.
• linux / server: Monitor system logs (e.g., /var/log/syslog, /var/log/auth.log) for suspicious activity related to template rendering or command execution.
• generic web: Inspect RAGFlow application logs for errors or unusual activity related to template processing. Look for patterns indicative of template injection attempts.
• generic web: Use curl to test endpoints that utilize user-supplied templates, looking for unexpected behavior or error messages.
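One way to act on the log-inspection items above, as an added example that is not RAGFlow's own code: a scanner that reads template text submitted to the Text Processing (StringTransform) and Message components and flags it when it references attributes or variables a legitimate message template would never need. The JSON log format, the `ALLOWED_VARS` allowlist and the sample lines are constructed for the example; real RAGFlow logs differ, so adapt the field extraction to what your deployment records.

```python
"""Flag user-supplied Jinja2 template text that looks like an injection attempt.

Added illustration, not RAGFlow code. The log format and allowlist are constructed.
"""
import json
import re

from jinja2 import Environment, TemplateSyntaxError, meta

# Variables a text-processing step legitimately exposes (constructed allowlist).
ALLOWED_VARS = {"name", "answer", "context"}

# Dunder attribute access (__class__, __init__, ...) is never needed in a message.
DUNDER = re.compile(r"__\w+__")
# {% ... %} statement blocks are not needed when the field is a simple message.
STATEMENT_BLOCK = re.compile(r"\{%.*?%\}", re.S)

# Parse-only environment: the scanner never renders user templates.
_ENV = Environment()


def classify_template(source: str) -> list[str]:
    """Return the reasons a template looks suspicious; an empty list means clean."""
    reasons: list[str] = []
    if DUNDER.search(source):
        reasons.append("dunder attribute access")
    if STATEMENT_BLOCK.search(source):
        reasons.append("statement block in a message template")
    try:
        ast = _ENV.parse(source)
    except TemplateSyntaxError as exc:
        reasons.append(f"unparseable template: {exc.message}")
        return reasons
    # Positive model: every free variable must be one the component provides.
    unknown = meta.find_undeclared_variables(ast) - ALLOWED_VARS
    if unknown:
        reasons.append(
            "references variables not exposed by the component: " + ", ".join(sorted(unknown))
        )
    return reasons


# Constructed log: one JSON object per saved template (not RAGFlow's real format).
SAMPLE_LOG = """\
{"ts":"2026-04-03T10:00:01Z","user":"u1","component":"Message","template":"Answer: {{ answer }}"}
{"ts":"2026-04-03T10:00:05Z","user":"u2","component":"StringTransform","template":"{{ name.__class__ }}"}
{"ts":"2026-04-03T10:00:09Z","user":"u2","component":"Message","template":"{% for doc in documents %}{{ doc }}{% endfor %}"}
{"ts":"2026-04-03T10:00:12Z","user":"u3","component":"Message","template":"Hi {{ name }}, {{ answer | truncate(80) }}"}
"""


def scan_log(text: str) -> list[dict]:
    """Return one finding per log record whose template is suspicious."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        reasons = classify_template(rec["template"])
        if reasons:
            findings.append(
                {"ts": rec["ts"], "user": rec["user"], "component": rec["component"], "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The allowlist check is the part worth keeping even after upgrading: a template that names a variable the component does not provide is either a user mistake or a probe, and both deserve a log entry with the user id attached.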
disclosure
Exploit status
EPSS
0.08% (23rd percentile)
The primary mitigation is to upgrade to RAGFlow version 0.24.1 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider implementing temporary workarounds. Input validation is crucial; strictly sanitize and validate all user-supplied templates before rendering them. Implement template sandboxing to restrict the available functions and resources within the template execution environment. Review and restrict permissions for authenticated users to minimize the potential impact of a successful attack. Consider implementing a Web Application Firewall (WAF) with rules to detect and block malicious template injection attempts.
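The sandboxing workaround above in concrete form, as an added example that is not RAGFlow's own code: the vulnerable pattern the advisory describes (jinja2.Template compiled from user text) next to the same rendering done through Jinja2's ImmutableSandboxedEnvironment. The function name `render_component_template`, the context dictionary and the template strings are constructed for the example.

```python
"""Unsandboxed vs. sandboxed rendering of a user-controlled Jinja2 template.

Added illustration, not RAGFlow code; names and sample data are constructed.
"""
from jinja2 import StrictUndefined, Template
from jinja2.exceptions import SecurityError
from jinja2.sandbox import ImmutableSandboxedEnvironment

# Constructed context: the only data a Message/StringTransform step should see.
# Keep it to plain values; never pass request, app, module or class objects.
COMPONENT_CONTEXT = {"name": "Alice", "answer": "The cache TTL is 300 seconds."}


def render_unsandboxed(template_source: str, context: dict) -> str:
    """Vulnerable pattern from the advisory: jinja2.Template compiles user text
    in the default, unrestricted environment."""
    return Template(template_source).render(**context)


# One shared sandbox for every user-controlled template.
# - ImmutableSandboxedEnvironment blocks unsafe attribute access and also
#   forbids mutating methods (list.append, dict.update, ...) inside templates.
# - StrictUndefined makes a blocked attribute raise SecurityError instead of
#   silently rendering as an empty string, so violations are visible in logs.
SANDBOX = ImmutableSandboxedEnvironment(undefined=StrictUndefined, autoescape=False)


def render_sandboxed(template_source: str, context: dict) -> str:
    """Hardened pattern: same template syntax, restricted attribute access."""
    return SANDBOX.from_string(template_source).render(**context)


def render_component_template(template_source: str, context: dict) -> tuple[bool, str]:
    """Hypothetical component entry point: returns (ok, output) and turns a
    sandbox violation into a logged rejection rather than an unhandled error."""
    try:
        return True, render_sandboxed(template_source, context)
    except SecurityError as exc:
        # Log this with the user id: a sandbox violation is a strong injection signal.
        return False, f"template rejected by sandbox: {exc}"


if __name__ == "__main__":
    benign = "Hello {{ name }}, {{ answer | upper }}"
    print(render_unsandboxed(benign, COMPONENT_CONTEXT))
    print(render_component_template(benign, COMPONENT_CONTEXT))
    # A template reaching from a string value to its class object. The default
    # environment allows it; the sandbox refuses any attribute starting with "_".
    probe = "{{ name.__class__ }}"
    print(render_unsandboxed(probe, COMPONENT_CONTEXT))
    print(render_component_template(probe, COMPONENT_CONTEXT))
```

Two caveats a practitioner should keep in mind. First, the sandbox restricts attribute access and calls but does not bound CPU or memory, so a rendering timeout and output size limit still belong in front of it. Second, the sandbox is defense in depth only: the fixed release remains the actual remediation, and the context passed to render() should stay limited to the component's own string outputs.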
Update RAGFlow to version 0.24.1 or later to mitigate the server-side template injection (SSTI) vulnerability. This update addresses the unsafe use of jinja2.Template, preventing the execution of arbitrary commands on the server.
CVE-2026-28797 is a Server-Side Template Injection vulnerability in RAGFlow versions 0.0.0–0.24.0, allowing authenticated users to execute OS commands via unsandboxed template rendering.
If you are using RAGFlow versions 0.0.0 through 0.24.0, you are potentially affected by this vulnerability. Upgrade to version 0.24.1 or later to mitigate the risk.
The recommended fix is to upgrade to RAGFlow version 0.24.1 or later. As a temporary workaround, implement strict input validation and template sandboxing.
As of the current disclosure date, there are no publicly available proof-of-concept exploits or confirmed reports of active exploitation.
Refer to the official RAGFlow project repository and security advisories for the latest information and updates regarding CVE-2026-28797.