CVE-2026-24770CRITICAL 9.8EPSS p55.4%

CVE-2026-24770CVE-2026-24770

Description

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remote Code Execution) via a malicious ZIP archive. The MinerUParser class retrieves and extracts ZIP files from an external source (mineru_server_url). The extraction logic in `_extract_zip_no_root` fails to sanitize filenames within the ZIP archive. Commit 64c75d558e4a17a4a48953b4c201526431d8338f contains a patch for the issue.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.91% probability of exploitation · percentile 55.4% · 2026-06-19T12:03:05Z
Published2026-01-27
Last modified2026-01-30

Underlying weaknesses· 1

CWE-22

References

  1. https://github.com/infiniflow/ragflow/commit/64c75d558e4a17a4a48953b4c201526431d8338f
  2. https://github.com/infiniflow/ragflow/security/advisories/GHSA-v7cf-w7gj-pgf4

1

TypeTargetConfidenceTier
WeaknessImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal')cwe-220%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-68700
CVE
CVE-2026-28797
CVE
CVE-2025-27135
CVE
CVE-2026-45312
CVE
CVE-2025-69286
CVE
CVE-2026-42607
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.