Platform
python
Component
ragflow
Fixed version
0.23.2
CVE-2026-24770 describes a critical Remote Code Execution (RCE) vulnerability discovered in RAGFlow, an open-source Retrieval-Augmented Generation (RAG) engine. This flaw allows attackers to overwrite arbitrary files on the server, potentially leading to complete system compromise. The vulnerability affects versions of RAGFlow up to and including 0.23.1, and a patch is available in version 0.23.2.
The flaw is in the MinerU parser, in the extractzipnoroot function that extracts ZIP archives. It follows the classic Zip Slip pattern: entry names are joined to the extraction directory without being checked, so an entry whose name contains path-traversal sequences (for example ../../some/path) is written outside that directory. An attacker who can get a crafted archive processed by the parser can therefore overwrite files of their choosing on the server, including files the application or host later executes or loads, which is what turns an arbitrary file write into code execution. The outcome can be data theft, full system takeover, or denial of service. The impact is severe because such an archive is trivial to build and only needs to be ingested by the parser.
The vulnerability is considered highly exploitable: a traversal entry can be added to an archive with any ZIP library, and a successful write can lead to remote code execution. No public exploits have been widely reported, but the severity and the low effort involved make it a likely target. It was disclosed on 2026-01-27. It belongs to the well-known Zip Slip class of bugs, which has been exploited in other applications.
Organizations deploying RAGFlow in production environments, particularly those using it to process data from untrusted sources, are at significant risk. Shared hosting environments where multiple users share the same server are also particularly vulnerable, as a malicious ZIP file uploaded by one user could potentially compromise the entire system.
• python / server:
import os
import zipfile

def find_zip_slip_entries(zip_file_path, target_directory):
    """Return the archive entries that would escape target_directory on extraction.

    Only entry names are inspected; nothing is written to disk. Note that
    zipfile.ZipFile.extractall() itself strips '..' components, so a successful
    extractall() of a suspicious archive proves nothing about the application's
    own extraction code; the names must be checked directly.
    """
    root = os.path.realpath(target_directory)
    escaping = []
    with zipfile.ZipFile(zip_file_path, 'r') as zip_ref:
        for name in zip_ref.namelist():
            # join() drops root for absolute names; realpath() collapses '..'
            resolved = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, resolved]) != root:
                escaping.append(name)
    return escaping

# Example usage (replace with actual paths)
if __name__ == '__main__':
    zip_file = '/path/to/suspicious.zip'
    target_dir = '/path/to/extraction_directory'
    bad = find_zip_slip_entries(zip_file, target_dir)
    if bad:
        print(f"WARNING: {len(bad)} entries would escape {target_dir}: {bad}")
    else:
        print("No path-traversal entries found.")
• linux / server:
find /var/log/ragflow -type f -name '*.zip' -mtime -7   # ZIP files written in the last 7 days
lsof -a -i -p "$(pidof ragflow)"   # open network connections of the ragflow process; confirm it only talks to the configured mineru_server_url host
Exploitation status
EPSS
0.92% (76th percentile)
The primary mitigation is to upgrade RAGFlow to version 0.23.2 or later immediately, since that release contains the patch. If upgrading is not immediately feasible, temporary workarounds include restricting mineru_server_url to trusted servers, running RAGFlow under a low-privilege account with strict filesystem permissions so that a traversal write cannot reach sensitive paths, and validating ZIP entry names before extraction. A Web Application Firewall only helps here if it actually parses uploaded archives and inspects the entry names inside them; a rule that matches on the upload's own filename never sees the traversal sequences. After upgrading, confirm the fix by feeding the parser a test archive containing an entry with a ../ component and verifying that extraction is rejected and that nothing is written outside the target directory.
Update the RAGFlow library to a version later than 0.23.1. This fixes the Zip Slip vulnerability. Verify the integrity of the new releases before deploying them.
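The following is an added example, not RAGFlow's code and not the MinerU parser's actual implementation. It puts the traversal mechanism described above and the post-upgrade verification step into one runnable script: a constructed test archive with a ../../ entry, a hand-rolled extractor that trusts entry names (the vulnerable pattern a Zip Slip bug reduces to), and a hardened extractor that resolves every entry against the destination, refuses symlink entries, and validates the whole archive before writing anything. The function names, the entry name "../../escaped.txt" and the sandbox layout are all assumptions chosen for the demonstration; the script runs entirely inside a temporary directory.

```python
import io
import os
import stat
import tempfile
import zipfile

# Constructed test archive (not a real RAGFlow artifact): a benign entry plus
# one entry whose name climbs out of the extraction directory.
TRAVERSAL_NAME = "../../escaped.txt"


def build_test_zip(include_traversal: bool = True) -> bytes:
    """Build an in-memory ZIP, optionally with one Zip Slip entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc.md", "harmless content")
        if include_traversal:
            # writestr stores the name verbatim, '..' components included.
            zf.writestr(TRAVERSAL_NAME, "payload")
    return buf.getvalue()


def extract_naive(zip_bytes: bytes, dest: str) -> None:
    """Hand-rolled extractor that trusts entry names: the vulnerable pattern."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())


def safe_target(root: str, info: zipfile.ZipInfo) -> str:
    """Resolve an entry's destination and reject anything that leaves root."""
    # Symlink entries are refused outright: a link planted by one entry could
    # redirect a later entry's write outside root even if that name looks clean.
    if stat.S_ISLNK(info.external_attr >> 16):
        raise ValueError(f"symlink entry rejected: {info.filename!r}")
    # join() discards root if the name is absolute; realpath() collapses '..'.
    target = os.path.realpath(os.path.join(root, info.filename))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"zip slip entry rejected: {info.filename!r}")
    return target


def extract_safe(zip_bytes: bytes, dest: str) -> list:
    """Hardened extractor: validate every entry first, then write.

    Returns the list of file paths written.
    """
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Resolve and check all entries before touching the filesystem, so a
        # rejected archive leaves nothing behind.
        plan = [(info, safe_target(root, info)) for info in zf.infolist()]
        for info, target in plan:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def run_demo() -> dict:
    """Run both extractors on the test archive inside a throwaway sandbox."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        # Two levels deep so '../../escaped.txt' lands in `base`, still inside the sandbox.
        naive_dest = os.path.join(base, "uploads", "job1")
        os.makedirs(naive_dest)
        extract_naive(build_test_zip(), naive_dest)
        results["naive_escaped"] = os.path.exists(os.path.join(base, "escaped.txt"))

        safe_dest = os.path.join(base, "uploads", "job2")
        os.makedirs(safe_dest)
        try:
            extract_safe(build_test_zip(), safe_dest)
            results["safe_rejected"] = False
        except ValueError:
            results["safe_rejected"] = True
        results["safe_wrote_files"] = bool(os.listdir(safe_dest))

        # The hardened extractor must still handle a clean archive normally.
        benign_dest = os.path.join(base, "uploads", "job3")
        os.makedirs(benign_dest)
        written = extract_safe(build_test_zip(include_traversal=False), benign_dest)
        results["benign_written"] = [os.path.basename(p) for p in written]
    return results


if __name__ == "__main__":
    print(run_demo())
```

The same archive is a usable post-upgrade check for the real deployment: hand it to the parser and confirm that no file appears outside the extraction directory. The two-pass design in extract_safe matters because validating and writing in a single loop still lets early entries land on disk before a later entry is rejected.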
CVE-2026-24770 is a critical Remote Code Execution vulnerability in RAGFlow versions up to 0.23.1, allowing attackers to overwrite files via malicious ZIP archives.
You are affected if you are using RAGFlow version 0.23.1 or earlier. Upgrade to 0.23.2 to resolve the issue.
Upgrade RAGFlow to version 0.23.2 or later. If immediate upgrade isn't possible, implement temporary workarounds like restricting external URLs and file access controls.
While no widespread exploitation has been confirmed, the vulnerability's severity and ease of exploitation make it a likely target. Monitor your systems closely.
Refer to the RAGFlow project's official repository and release notes for the latest advisory and security updates.