Description
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remote Code Execution) via a malicious ZIP archive. The MinerUParser class retrieves and extracts ZIP files from an external source (mineru_server_url). The extraction logic in `_extract_zip_no_root` fails to sanitize filenames within the ZIP archive. Commit 64c75d558e4a17a4a48953b4c201526431d8338f contains a patch for the issue.
Published: 2026-01-27
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

A Zip Slip vulnerability exists in the MinerU parser of RAGFlow, where extraction logic does not sanitize filenames inside ZIP archives. When a malicious ZIP archive is delivered via the mineru_server_url endpoint, the application extracts files without ensuring they reside within an intended directory, allowing an attacker to overwrite arbitrary files on the server. If critical executables or configuration files are overwritten, the attacker can gain remote code execution capability.

Affected Systems

Infiniflow RAGFlow, versions 0.23.1 and earlier, are affected. The issue originates in the MinerUParser class responsible for pulling and extracting ZIP archives from external sources.

Risk and Exploitability

The vulnerability has a CVSS base score of 9.8, indicating critical severity. The EPSS score is reported as less than 1%, suggesting a low probability of exploitation relative to current threat landscape, and the vulnerability is not yet listed in CISA’s KEV catalog. Nonetheless, the required conditions—access to the mineru_server_url endpoint and the ability to host a crafted ZIP archive—are commonly available in many deployments, making remote exploitation feasible for attackers who can control or compromise the external source.

Generated by OpenCVE AI on April 18, 2026 at 14:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch introduced in commit 64c75d558e4a17a4a48953b4c201526431d8338f or upgrade to a version of RAGFlow that incorporates this fix.
  • Restrict the mineru_server_url endpoint so that only trusted, authenticated sources can provide ZIP archives, limiting the attacker’s ability to supply a malicious payload.
  • Modify the extraction logic to validate and sanitize filenames before extraction, ensuring that extracted files remain within the intended directory and cannot overwrite arbitrary files on the server.

Generated by OpenCVE AI on April 18, 2026 at 14:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 30 Jan 2026 22:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*

Wed, 28 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 28 Jan 2026 12:30:00 +0000

Type Values Removed Values Added
First Time appeared Infiniflow
Infiniflow ragflow
Vendors & Products Infiniflow
Infiniflow ragflow

Tue, 27 Jan 2026 22:00:00 +0000

Type Values Removed Values Added
Description RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remote Code Execution) via a malicious ZIP archive. The MinerUParser class retrieves and extracts ZIP files from an external source (mineru_server_url). The extraction logic in `_extract_zip_no_root` fails to sanitize filenames within the ZIP archive. Commit 64c75d558e4a17a4a48953b4c201526431d8338f contains a patch for the issue.
Title RAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParser
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Infiniflow Ragflow
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-28T21:11:58.921Z

Reserved: 2026-01-26T21:06:47.868Z

Link: CVE-2026-24770

cve-icon Vulnrichment

Updated: 2026-01-28T21:11:54.021Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-27T22:15:56.947

Modified: 2026-01-30T21:53:46.573

Link: CVE-2026-24770

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T14:45:03Z

Weaknesses