
Unpatched RAGFlow Vulnerability Allows Post-Auth RCE
The current version of RAGFlow, a widely used Retrieval-Augmented Generation (RAG) solution, contains a post-authentication vulnerability that enables arbitrary code execution. According to the post, a proof-of-concept (PoC), a walkthrough, and a patch are included. It also notes that the risk is heightened when Infinity is used for storage.