Infiniflow Security Vulnerabilities (CVEs)
Track 12 security vulnerabilities affecting Infiniflow products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2026-24770 is a critical Zip Slip vulnerability in RAGFlow's MinerU parser that allows attackers to overwrite arbitrary files on the server via ma...
Jan 27, 2026

CVE-2025-68700 is a critical remote code execution vulnerability in RAGFlow where authenticated low-privilege users can execute arbitrary system comma...
Dec 31, 2025

CVE-2025-69286 is a critical authentication bypass vulnerability in RAGFlow where API keys and beta tokens are generated using the same insecure algor...
Dec 31, 2025

CVE-2025-48187 allows attackers to brute-force 6-digit email verification codes in RAGFlow to register accounts, log in, or reset passwords without ra...
May 17, 2025

This vulnerability in infiniflow/ragflow v0.12.0 allows authenticated users to view other users' invite lists without proper authorization. This expos...
Mar 20, 2025

This Cross-Site Scripting (XSS) vulnerability in infiniflow/ragflow version 0.12.0 allows attackers to upload malicious PDF files that execute JavaScr...
Mar 20, 2025

This SSRF vulnerability in infiniflow/ragflow version 0.12.0 allows attackers to make the server send requests to arbitrary URLs, potentially accessin...
Mar 20, 2025

This CVE allows remote attackers to execute arbitrary code on systems running vulnerable versions of infiniflow/ragflow. Attackers can bypass authenti...
Mar 20, 2025

CVE-2025-27135 is a critical SQL injection vulnerability in RAGFlow's ExeSQL component that allows attackers to execute arbitrary SQL commands on the ...
Feb 25, 2025

CVE-2025-25282 is an Insecure Direct Object Reference (IDOR) vulnerability in RAGFlow that allows authenticated users to access and modify other tenan...
Feb 21, 2025

RAGFlow 0.13.0 has an improper access control vulnerability in document-hooks.ts that allows unauthenticated attackers to access user documents. This ...
Dec 9, 2024

This CVE describes a remote code execution vulnerability in the add_llm function of infiniflow/ragflow version 0.11.0. Attackers can exploit user-cont...
Oct 19, 2024

Why Monitor Infiniflow Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 12+ known vulnerabilities affecting Infiniflow products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Infiniflow packages in under 60 seconds. No agents required - completely agentless scanning that works across Infiniflow deployments.
Free vulnerability database: Access detailed information about every Infiniflow CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.