CNNVD-202601-4447 Information

CNNVD ID

CNNVD-202601-4447

CVE-2026-24770

  • CNNVD Published: 2026-01-27

Description

RAGFlow is an open-source RAG engine from InfiniFlow based on deep document understanding. RAGFlow 0.23.1 and earlier versions contain a path traversal vulnerability, which stems from an arbitrary file overwrite flaw in the MinerU parser and may lead to remote code execution.

Hazard Level

Low

Vulnerability Type

Path traversal

Affected Vendor

InfiniFlow

Published

2026-01-27

Last Modified

2026-02-24

References

https://github.com/infiniflow/ragflow/commit/64c75d558e4a17a4a48953b4c201526431d8338f

https://github.com/infiniflow/ragflow/security/advisories/GHSA-v7cf-w7gj-pgf4

Patch

https://github.com/infiniflow/ragflow/releases
