Vulnerability Details CVE-2026-28797
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components. These components use Python's jinja2.Template (unsandboxed) to render user-supplied templates, allowing any authenticated user to execute arbitrary operating system commands on the server. At time of publication, there are no publicly available patches.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.3%
CVSS Severity
CVSS v3 Score 8.8