{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24770", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-26T21:06:47.868Z", "datePublished": "2026-01-27T21:51:44.874Z", "dateUpdated": "2026-01-28T21:11:58.921Z"}, "containers": {"cna": {"title": "RAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParser", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-v7cf-w7gj-pgf4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-v7cf-w7gj-pgf4"}, {"name": "https://github.com/infiniflow/ragflow/commit/64c75d558e4a17a4a48953b4c201526431d8338f", "tags": ["x_refsource_MISC"], "url": "https://github.com/infiniflow/ragflow/commit/64c75d558e4a17a4a48953b4c201526431d8338f"}], "affected": [{"vendor": "infiniflow", "product": "ragflow", "versions": [{"version": "<= 0.23.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-27T21:51:44.874Z"}, "descriptions": [{"lang": "en", "value": "RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a \"Zip Slip\" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remote Code Execution) via a malicious ZIP archive. The MinerUParser class retrieves and extracts ZIP files from an external source (mineru_server_url). The extraction logic in `_extract_zip_no_root` fails to sanitize filenames within the ZIP archive. Commit 64c75d558e4a17a4a48953b4c201526431d8338f contains a patch for the issue."}], "source": {"advisory": "GHSA-v7cf-w7gj-pgf4", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T21:11:49.690191Z", "id": "CVE-2026-24770", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T21:11:58.921Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24770", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-28T21:11:49.690191Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T21:11:54.021Z"}}], "cna": {"title": "RAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParser", "source": {"advisory": "GHSA-v7cf-w7gj-pgf4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "infiniflow", "product": "ragflow", "versions": [{"status": "affected", "version": "<= 0.23.1"}]}], "references": [{"url": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-v7cf-w7gj-pgf4", "name": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-v7cf-w7gj-pgf4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/infiniflow/ragflow/commit/64c75d558e4a17a4a48953b4c201526431d8338f", "name": "https://github.com/infiniflow/ragflow/commit/64c75d558e4a17a4a48953b4c201526431d8338f", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a \"Zip Slip\" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remote Code Execution) via a malicious ZIP archive. The MinerUParser class retrieves and extracts ZIP files from an external source (mineru_server_url). The extraction logic in `_extract_zip_no_root` fails to sanitize filenames within the ZIP archive. Commit 64c75d558e4a17a4a48953b4c201526431d8338f contains a patch for the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-27T21:51:44.874Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24770", "state": "PUBLISHED", "dateUpdated": "2026-01-28T21:11:58.921Z", "dateReserved": "2026-01-26T21:06:47.868Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-27T21:51:44.874Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:infiniflow:ragflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "E677B058-D37C-41A8-936A-FA5B83521ECF", "versionEndIncluding": "0.23.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a \"Zip Slip\" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remote Code Execution) via a malicious ZIP archive. The MinerUParser class retrieves and extracts ZIP files from an external source (mineru_server_url). The extraction logic in `_extract_zip_no_root` fails to sanitize filenames within the ZIP archive. Commit 64c75d558e4a17a4a48953b4c201526431d8338f contains a patch for the issue."}], "id": "CVE-2026-24770", "lastModified": "2026-01-30T21:53:46.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-27T22:15:56.947", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/infiniflow/ragflow/commit/64c75d558e4a17a4a48953b4c201526431d8338f"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-v7cf-w7gj-pgf4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:44:27.103622+00:00", "value": {"mitigation_remediation": ["Apply the patch introduced in commit 64c75d558e4a17a4a48953b4c201526431d8338f or upgrade to a version of RAGFlow that incorporates this fix.", "Restrict the mineru_server_url endpoint so that only trusted, authenticated sources can provide ZIP archives, limiting the attacker\u2019s ability to supply a malicious payload.", "Modify the extraction logic to validate and sanitize filenames before extraction, ensuring that extracted files remain within the intended directory and cannot overwrite arbitrary files on the server."], "summary": {"action": "Patch Now", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Infiniflow RAGFlow, versions 0.23.1 and earlier, are affected. The issue originates in the MinerUParser class responsible for pulling and extracting ZIP archives from external sources.", "description_and_impact": "A Zip Slip vulnerability exists in the MinerU parser of RAGFlow, where extraction logic does not sanitize filenames inside ZIP archives. When a malicious ZIP archive is delivered via the mineru_server_url endpoint, the application extracts files without ensuring they reside within an intended directory, allowing an attacker to overwrite arbitrary files on the server. If critical executables or configuration files are overwritten, the attacker can gain remote code execution capability.", "risk_and_exploitability": "The vulnerability has a CVSS base score of 9.8, indicating critical severity. The EPSS score is reported as less than 1%, suggesting a low probability of exploitation relative to current threat landscape, and the vulnerability is not yet listed in CISA\u2019s KEV catalog. Nonetheless, the required conditions\u2014access to the mineru_server_url endpoint and the ability to host a crafted ZIP archive\u2014are commonly available in many deployments, making remote exploitation feasible for attackers who can control or compromise the external source."}}}}, "created": "2026-01-28T12:22:13.263245+00:00", "updated": "2026-04-18T14:45:03.152406+00:00", "vendors": ["infiniflow", "infiniflow$PRODUCT$ragflow"]}