{"data":{"id":"6cc859ea-0ba1-454e-bac0-84ae52183830","title":"CVE-2026-45312: RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injectio","summary":"RAGFlow, an open-source RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions) engine, has a Jinja2 template injection vulnerability (a flaw where untrusted data gets processed as code in a templating system) in version 0.24.0 and earlier. Any registered user can exploit this flaw in the prompt generator to run arbitrary OS commands (any commands they want) on the server by creating a Canvas workflow with specific components.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-45312","publishedAt":"2026-05-29T13:16:22.770Z","cveId":"CVE-2026-45312","cweIds":["CWE-1336"],"cvssScore":"9.9","cvssSeverity":"critical","severity":"critical","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["RAGFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-29T13:16:22.770Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0020","AML.T0051.001"]}}