Zip Slip Vulnerability in RAGFlow Open-Source Engine
CVE-2026-24770
What is CVE-2026-24770?
CVE-2026-24770 is a critical vulnerability found in the RAGFlow open-source engine, developed by Infiniflow, which is designed for Retrieval-Augmented Generation tasks. This vulnerability arises from a "Zip Slip" flaw within the MinerU parser, specifically in version 0.23.1 and possibly earlier versions. An attacker can exploit this vulnerability by crafting a malicious ZIP archive that, when processed by the RAGFlow system, allows them to overwrite arbitrary files on the server. This could lead to Remote Code Execution (RCE), effectively giving the attacker control over the affected system. The vulnerability is particularly severe as it involves the extraction logic in the _extract_zip_no_root method, which fails to properly sanitize filenames when extracting ZIP files from external sources.
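The missing filename check described above can be illustrated with a containment-checked extractor. This is an added example, not RAGFlow's code or its patch; the names safe_member_path, safe_extract, build_zip and UnsafeArchiveError are hypothetical, and the archives it is run on are constructed in memory.

```python
import io
import stat
import zipfile
from pathlib import Path


class UnsafeArchiveError(Exception):
    """Raised when an archive member would land outside the destination."""


def safe_member_path(dest_root: Path, member_name: str) -> Path:
    """Resolve member_name under dest_root, or raise if it escapes it."""
    # Treat Windows separators like "/" so "..\\x" is caught as "../x".
    name = member_name.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        raise UnsafeArchiveError(f"absolute path in archive: {member_name!r}")
    target = (dest_root / name).resolve()
    if not target.is_relative_to(dest_root):  # Python 3.9+
        raise UnsafeArchiveError(f"path escapes destination: {member_name!r}")
    return target


def safe_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Validate every member first, then extract; nothing is written on failure."""
    dest_root = Path(dest).resolve()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        plan = []
        for info in zf.infolist():
            # Symlink entries can redirect later writes, so refuse them.
            if stat.S_ISLNK(info.external_attr >> 16):
                raise UnsafeArchiveError(f"symlink in archive: {info.filename!r}")
            plan.append((info, safe_member_path(dest_root, info.filename)))
        written = []
        for info, target in plan:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as out:
                out.write(src.read())
            written.append(target.relative_to(dest_root).as_posix())
    return written


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Constructed sample input: an in-memory ZIP with the given member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Validating the whole archive before writing anything means a rejected archive leaves no partially extracted files behind.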
Potential Impact of CVE-2026-24770
- Remote Code Execution: The most significant impact of CVE-2026-24770 is the potential for Remote Code Execution. If exploited, attackers can gain complete control of the server, allowing them to execute arbitrary commands and programs. This could lead to a variety of malicious activities, including data exfiltration, system manipulation, and the deployment of malware.
- Data Integrity Violations: With the ability to overwrite arbitrary files, attackers could delete or alter critical data on the server. This can disrupt business operations, damage the organization’s reputation, and lead to loss of sensitive information, affecting both the organization and its clients.
- Increased Attack Surface for Future Threats: Successfully exploiting this vulnerability may open pathways for further attacks within the affected network. Once an attacker has access through this means, they can leverage their foothold to deploy additional exploits, escalate privileges, or facilitate lateral movement to other systems, increasing the overall risk profile of the organization.

Affected Version(s)
ragflow <= 0.23.1
