RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rate limiting.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NInfiniflow Ragflow
APPInfiniflow≤ 0.18.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2026-24770CRITICAL9.8PL ✓ten sam produkt
Zip Slip RCE w RAGFlow — nadpisanie plików przez złośliwe archiwum ZIP
CVE-2024-12450CRITICAL9.8PL ✓ten sam produkt
Infiniflow RAGflow: SSRF, Arbitrary File Read i RCE w funkcji web_crawl
CVE-2024-12433CRITICAL9.8PL ✓ten sam produkt
RCE w Infiniflow RagFlow — statyczny klucz AuthKey i niebezpieczna deserializacja pickle
CVE-2026-28797HIGH8.7ten sam produkt
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-...
CVE-2025-68700HIGH8.6ten sam produkt
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-priv...