๐Ÿ” CVE Alert

CVE-2026-58579

MEDIUM 5.4

RAGFlow < 0.26.3 - Stored Cross-Site Scripting via Agent Pipeline Node Name

CVSS Score: 5.4
EPSS Score: 0.0%
EPSS Percentile: 0th

RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalize_dsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name into the "Rerun from current step" confirmation modal via dangerouslySetInnerHTML, and the i18next configuration sets escapeValue:false, so the value is inserted into the DOM without HTML encoding. An authenticated workspace user who can create or edit an agent can inject arbitrary JavaScript that executes in the session of another workspace member who opens the dataflow result and clicks rerun, enabling session/token theft and account takeover across the user trust boundary.
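The storage and rendering path described above, as an added example that is not RAGFlow's code or its fix: a JSON round trip keeps the node name verbatim, interpolation without escaping returns live markup, and a small audit walks a stored DSL for names containing angle brackets. The template text, the `name` key, the DSL shape and all function names are assumptions, and `interpolate()` is a stand-in, not i18next.

```javascript
// Added example. TEMPLATE, the "name" key and the DSL shape are assumptions;
// interpolate() is a stand-in for an i18n interpolator, not i18next itself.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ESC[c]);

// Minimal {{var}} interpolation with an escapeValue switch.
function interpolate(template, vars, escapeValue) {
  return template.replace(/\{\{\s*(\w+)\s*\}\}/g, (match, key) => {
    if (!Object.prototype.hasOwnProperty.call(vars, key)) return match;
    return escapeValue ? escapeHtml(vars[key]) : String(vars[key]);
  });
}

// Walk parsed JSON and report every string stored under a "name" key that
// contains angle brackets, i.e. a value that an HTML sink would parse as markup.
function auditNames(value, path = '$', hits = []) {
  if (Array.isArray(value)) {
    value.forEach((v, i) => auditNames(v, `${path}[${i}]`, hits));
  } else if (value !== null && typeof value === 'object') {
    for (const [key, v] of Object.entries(value)) {
      if (key === 'name' && typeof v === 'string' && /[<>]/.test(v)) {
        hits.push({ path: `${path}.${key}`, value: v });
      }
      auditNames(v, `${path}.${key}`, hits);
    }
  }
  return hits;
}

// Constructed sample data, not taken from RAGFlow.
const TEMPLATE = 'Rerun from step "{{name}}"?';
const SAMPLE_DSL = {
  components: {
    parser_0: { name: 'Parser' },
    chunker_0: { name: '<img src=x onerror=alert(1)>' },
  },
};

// A JSON round trip (all the page says normalize_dsl checks) keeps the name as-is.
const stored = JSON.parse(JSON.stringify(SAMPLE_DSL));
const nodeName = stored.components.chunker_0.name;

const rawHtml = interpolate(TEMPLATE, { name: nodeName }, false);    // escapeValue: false
const encodedHtml = interpolate(TEMPLATE, { name: nodeName }, true); // escaping on

console.log(rawHtml);
console.log(encodedHtml);
console.log(auditNames(stored));
```

In a React component, passing the translated string as a text child instead of through dangerouslySetInnerHTML makes the name render as text even when the interpolator does not escape it.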

CWE: CWE-79
Vendor: infiniflow
Product: ragflow
Published: Jul 2, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Affected Versions

infiniflow / ragflow
0 < 0.26.3

References

github.com: https://github.com/infiniflow/ragflow/releases/tag/v0.26.3
github.com: https://github.com/infiniflow/ragflow/issues/16507
github.com: https://github.com/infiniflow/ragflow/pull/16516
github.com: https://github.com/infiniflow/ragflow/commit/572f1ea9f4eba6a60e64f7437dee60aa1c0913f1
vulncheck.com: https://www.vulncheck.com/advisories/ragflow-stored-cross-site-scripting-via-agent-pipeline-node-name

Credits

George Chen