infiniflow — Vulnerabilities & Security Advisories 15

Browse all 15 CVE security advisories affecting infiniflow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Infiniflow is an enterprise workflow automation platform designed to streamline business processes through visual workflow design and integration capabilities. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its 15 recorded CVEs. Security researchers have identified common weaknesses in input validation and access control mechanisms. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations relying on the platform for critical business operations, particularly those with exposed internet-facing deployments.

Top products by infiniflow: infiniflow/ragflow ragflow
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28797 | RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component — ragflow, CWE-20 | 8.8 (AI) | High (AI) | 2026-04-03 |
| CVE-2026-24770 | RAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParser — ragflow, CWE-22 | 9.8 | Critical | 2026-01-27 |
| CVE-2025-69286 | RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability — ragflow, CWE-340 | 9.8 | - | 2025-12-31 |
| CVE-2025-68700 | RAGFlow Remote Code Execution Vulnerability — ragflow, CWE-78 | 9.9 | - | 2025-12-31 |
| CVE-2025-48187 | RAGFlow security vulnerability — RAGFlow, CWE-307 | 9.1 | Critical | 2025-05-17 |
| CVE-2024-12779 | SSRF in infiniflow/ragflow — infiniflow/ragflow, CWE-918 | 7.5 | - | 2025-03-20 |
| CVE-2024-12869 | Improper Authentication in infiniflow/ragflow — infiniflow/ragflow, CWE-306 | 3.5 | - | 2025-03-20 |
| CVE-2024-12871 | Stored Cross-site Scripting (XSS) in infiniflow/ragflow — infiniflow/ragflow, CWE-79 | 5.4 | - | 2025-03-20 |
| CVE-2024-12450 | RCE, Full Read SSRF, and Arbitrary File Read in infiniflow/ragflow — infiniflow/ragflow, CWE-918 | 9.1 | - | 2025-03-20 |
| CVE-2024-12870 | Stored Cross-site Scripting (XSS) in infiniflow/ragflow — infiniflow/ragflow, CWE-79 | 6.1 | - | 2025-03-20 |
| CVE-2024-12433 | Remote Code Execution in infiniflow/ragflow — infiniflow/ragflow, CWE-502 | 9.8 | - | 2025-03-20 |
| CVE-2024-12880 | Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow — infiniflow/ragflow, CWE-639 | 8.1 | - | 2025-03-20 |
| CVE-2025-27135 | RAGFlow SQL Injection vulnerability — ragflow, CWE-89 | 9.8 | - | 2025-02-25 |
| CVE-2025-25282 | Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow — ragflow, CWE-639 | 7.1 | - | 2025-02-21 |
| CVE-2024-10131 | Remote Code Execution in infiniflow/ragflow — infiniflow/ragflow, CWE-94 | 9.8 | - | 2024-10-19 |

This page lists every published CVE security advisory associated with infiniflow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.