CVE-2026-45312: RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injectio
Summary
RAGFlow, an open-source RAG (retrieval-augmented generation, where an AI model pulls in external documents to answer questions) engine, has a Jinja2 template injection vulnerability (a flaw where untrusted data is processed as code by a templating engine) in version 0.24.0 and earlier. Any registered user can exploit this flaw in the prompt generator to run arbitrary OS commands (any commands they choose) on the server by creating a Canvas workflow with specific components.
Vulnerability Details
CVSS score: 9.9 (critical)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack vector: network
Attack complexity: low
Privileges required: low
User interaction: none
Date: May 29, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-45312
First tracked: May 29, 2026 at 02:08 PM
Classified by LLM (prompt v3) · confidence: 95%