Cyber Posture

CVE-2026-24770

Severity: Critical · Public PoC

Published: 27 January 2026
Modified: 30 January 2026
KEV Added: not listed on this record
Patch: not listed on this record
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0096 (76.6th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Description

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite arbitrary files on the server (leading to Remote Code Execution) via a malicious ZIP archive. The MinerUParser class retrieves and extracts ZIP files from an external source (mineru_server_url). The extraction logic in `_extract_zip_no_root` fails to sanitize filenames within the ZIP archive. Commit 64c75d558e4a17a4a48953b4c201526431d8338f contains a patch for the issue.

Mitigating Controls (NIST 800-53 r5)

- prevent: Directly requires identifying, prioritizing, and remediating the Zip Slip flaw in the MinerUParser by applying the patch in commit 64c75d558e4a17a4a48953b4c201526431d8338f.
- prevent: Mandates validation of ZIP archive filenames to block path traversal payloads that enable arbitrary file overwrites during extraction.
- detect: Verifies integrity of critical system files to detect unauthorized overwrites from malicious ZIP extractions leading to RCE.

Security Summary

CVE-2026-24770 is a Zip Slip vulnerability (CWE-22) affecting the MinerU parser in RAGFlow, an open-source Retrieval-Augmented Generation (RAG) engine. The issue impacts version 0.23.1 and possibly earlier versions, where the MinerUParser class retrieves and extracts ZIP files from an external source specified by mineru_server_url. The extraction logic in the `_extract_zip_no_root` method fails to sanitize filenames within the ZIP archive, enabling attackers to overwrite arbitrary files on the server and potentially achieve remote code execution. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By supplying a malicious ZIP archive to the MinerU parser, such as through the external mineru_server_url, the attacker can craft filenames that traverse directories and overwrite critical files, leading to remote code execution on the server.

Mitigation is provided via a patch in commit 64c75d558e4a17a4a48953b4c201526431d8338f. Further details on the vulnerability and remediation are outlined in the GitHub security advisory at GHSA-v7cf-w7gj-pgf4.
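The filename validation that the "prevent" control above calls for, shown as an added example rather than RAGFlow's own code or the patched `_extract_zip_no_root`: the archive is built in memory (a constructed sample, one benign entry and one entry whose name climbs out of the target directory), every name is checked before anything is written, and each resolved target is re-checked against the extraction root. All function names are hypothetical.

```python
import io
import tempfile
import zipfile
from pathlib import Path

def build_sample_zip(include_traversal: bool) -> bytes:
    """Constructed in-memory archive: benign output plus, optionally, one escaping entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("output/report.md", "# parsed document\n")
        if include_traversal:
            zf.writestr("../../tmp/owned.txt", "constructed traversal entry")
    return buf.getvalue()

def unsafe_members(zip_bytes: bytes) -> list[str]:
    """Names that are absolute, drive-qualified or contain '..' (backslashes normalised)."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            parts = name.replace("\\", "/").split("/")
            if parts[0] == "" or ":" in parts[0] or ".." in parts:
                bad.append(name)
    return bad

def safe_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Refuse the whole archive if any name is unsafe; re-check each resolved target."""
    if bad := unsafe_members(zip_bytes):
        raise ValueError(f"zip slip entries rejected: {bad}")
    root, written = Path(dest).resolve(), []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = (root / info.filename.replace("\\", "/")).resolve()
            if target != root and root not in target.parents:
                raise ValueError(f"entry escapes {root}: {info.filename!r}")
            if info.is_dir():  # parent dirs are created on demand below
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(root).as_posix())
    return written

def check_sample() -> tuple[list[str], list[str], bool]:
    """Flagged names of the bad archive, files written from the clean one, bad one refused?"""
    with tempfile.TemporaryDirectory() as d:
        clean = safe_extract(build_sample_zip(False), d)
        refused = False
        try:
            safe_extract(build_sample_zip(True), d)
        except ValueError:
            refused = True
    return unsafe_members(build_sample_zip(True)), clean, refused
```

Python's own `ZipFile.extract` already strips leading separators, drive letters and `..` components; the risk arises in custom extraction loops that join `info.filename` onto a directory themselves, which is the pattern this check guards.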

Details

CWE(s): CWE-22

Affected Products

infiniflow/ragflow ≤ 0.23.1

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Zip Slip path traversal vulnerability in public-facing RAG engine parser enables unauthenticated remote exploitation for arbitrary file overwrite and RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References