CVE-2026-24770
📋 TL;DR
CVE-2026-24770 is a critical Zip Slip vulnerability in RAGFlow's MinerU parser that allows attackers to overwrite arbitrary files on the server via malicious ZIP archives, potentially leading to remote code execution. This affects RAGFlow version 0.23.1 and earlier. Organizations using vulnerable RAGFlow deployments for document processing are at risk.
💻 Affected Systems
- RAGFlow
📦 What is this software?
Ragflow by Infiniflow
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via remote code execution, allowing attacker to execute arbitrary commands, steal data, install persistent backdoors, or pivot to other systems.
Likely Case
File system manipulation leading to service disruption, data corruption, or privilege escalation by overwriting critical configuration files.
If Mitigated
Limited impact if proper file system permissions and sandboxing prevent writes to sensitive locations, though service disruption remains possible.
🎯 Exploit Status
Zip Slip is a well-understood bug class with public exploit patterns: an archive entry named with `../` segments (or an absolute path) is written outside the intended extraction directory. Exploiting this instance requires the attacker to control the ZIP archive that the MinerU parser extracts; no public exploit specific to RAGFlow is referenced in the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in commit 64c75d558e4a17a4a48953b4c201526431d8338f
Vendor Advisory: https://github.com/infiniflow/ragflow/security/advisories/GHSA-v7cf-w7gj-pgf4
Restart Required: Yes
Instructions:
1. Update RAGFlow to a build that contains commit 64c75d558e4a17a4a48953b4c201526431d8338f or later.
2. Restart all RAGFlow services.
3. Verify that the _extract_zip_no_root function validates each member's final write path against the extraction directory.
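The check referred to in step 3 (and again under "Verify Fix Applied") is the containment test that a Zip Slip fix must perform on every archive member. The following is an added example written for this page; it is not RAGFlow's code and not the content of the fix commit. It contrasts the hand-rolled extraction anti-pattern (join the member name onto the destination and write) with an extractor that resolves each target path and refuses the whole archive if any member lands outside the destination. The archives, the sandbox directory and the member names are constructed test data. Note that CPython's own `ZipFile.extractall` already strips `..` and absolute prefixes, so the hazard is in code that builds paths from `info.filename` itself; if an extractor also rewrites member names (for instance by dropping a leading directory), the check has to run on the final path it writes to, not on the original name.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_zip(entries: dict) -> bytes:
    """Constructed test data: an in-memory archive whose member names are
    stored verbatim, so '../x' or '/etc/x' survive exactly as an attacker wrote them."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def vulnerable_extract(data: bytes, dest: Path) -> list:
    """Anti-pattern: joins the member name onto dest and writes there.
    os.path.join(dest, '../x') climbs out of dest; join(dest, '/abs') discards dest."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = Path(os.path.join(dest, info.filename))  # no containment check
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target)
    return written


def unsafe_members(zf: zipfile.ZipFile, base: Path) -> list:
    """Member names whose final write location would not be inside base
    (base must already be resolved). Catches '..' anywhere in the name,
    absolute POSIX paths, Windows drive letters and backslash separators."""
    bad = []
    for info in zf.infolist():
        name = info.filename.replace("\\", "/")
        if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
            bad.append(info.filename)
            continue
        # resolve() normalises '..' even for paths that do not exist yet
        target = (base / name).resolve()
        if target != base and base not in target.parents:
            bad.append(info.filename)
    return bad


def scan_archive(data: bytes, dest) -> list:
    """Pre-flight check usable before handing an archive to any extractor."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return unsafe_members(zf, Path(dest).resolve())


def safe_extract(data: bytes, dest: Path) -> list:
    """Refuse the whole archive if any member escapes; only then write files.
    Checking per member while writing would already have dropped earlier
    payloads on disk before the first bad name is seen."""
    base = dest.resolve()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        bad = unsafe_members(zf, base)
        if bad:
            raise ValueError(f"zip slip attempt, refusing archive: {bad}")
        written = []
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = (base / info.filename.replace("\\", "/")).resolve()
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors on constructed archives inside a throwaway sandbox
    directory, so the 'escape' only ever lands in a temp dir."""
    benign = build_zip({"out/doc.md": b"# parsed", "out/images/1.png": b"\x89PNG"})
    malicious = build_zip({"out/doc.md": b"# parsed", "../escaped.txt": b"owned"})
    root = Path(tempfile.mkdtemp())
    dest = root / "work" / "out"
    dest.mkdir(parents=True)
    escaped = root / "work" / "escaped.txt"  # where '../escaped.txt' would land

    result = {"benign_written": len(safe_extract(benign, dest))}
    result["scan_flags"] = scan_archive(malicious, dest)
    try:
        safe_extract(malicious, dest)
        result["safe_blocked"] = False
    except ValueError:
        result["safe_blocked"] = True
    result["escaped_after_safe"] = escaped.exists()
    vulnerable_extract(malicious, dest)
    result["escaped_after_vulnerable"] = escaped.exists()
    return result


if __name__ == "__main__":
    print(demo())
```

`scan_archive` can also be run on its own against an archive before it reaches the parser, which is the cheapest way to confirm a suspicious file during triage. Both the scanner and the extractor compare resolved paths rather than searching names for the literal string `..`, so `a/../b` inside the destination is accepted while `a/../../b` is rejected.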
🔧 Temporary Workarounds
Disable MinerU Parser
Temporarily disable the vulnerable MinerU parser component if it is not required for operations.
Modify the RAGFlow configuration to unset mineru_server_url or otherwise disable MinerU parser functionality.
Restrict ZIP File Sources
Limit ZIP file processing to trusted sources only.
Use firewall rules so that the endpoint configured as mineru_server_url is reachable only from, and points only to, hosts you trust; an attacker who can stand in for that endpoint controls the archive RAGFlow extracts.
🧯 If You Can't Patch
- Run RAGFlow as an unprivileged service account and apply strict file system permissions so the process cannot write outside its designated working directories
- Deploy RAGFlow in containerized environments with read-only root filesystems, leaving only the extraction and data directories writable
🔍 How to Verify
Check if Vulnerable:
Check the deployed RAGFlow version and whether commit 64c75d558e4a17a4a48953b4c201526431d8338f is present in the codebase. In a source checkout, `git merge-base --is-ancestor 64c75d558e4a17a4a48953b4c201526431d8338f HEAD` exits 0 when the fix is included.
Check Version:
Check the running RAGFlow version in the web UI, the container image tag, or the application logs and configuration files specific to your deployment.
Verify Fix Applied:
Verify that the _extract_zip_no_root function resolves each member's target path and rejects any that would land outside the extraction directory (including `../` segments and absolute paths), and that it does so on the final path after any renaming it performs.
📡 Detection & Monitoring
Log Indicators:
- Unusual file write operations outside expected directories
- ZIP extraction errors or anomalies in MinerU parser logs
- Unexpected file modifications in system directories
Network Indicators:
- Unusual connections to mineru_server_url from untrusted sources
- Large or suspicious ZIP file uploads to RAGFlow
SIEM Query:
source="ragflow" AND ("zip extraction" OR "mineru" OR "file write") AND ("../" OR "..\\")
A query on literal sequences only catches unencoded names; add the URL-encoded forms ("%2e%2e/" and "%2e%2e\\") if your logs record member names before decoding.