Browse all 15 CVE security advisories affecting infiniflow. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Infiniflow is an enterprise workflow automation platform designed to streamline business processes through visual workflow design and integration capabilities. Historically, the platform has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its 15 recorded CVEs. Security researchers have identified common weaknesses in input validation and access control mechanisms. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations relying on the platform for critical business operations, particularly those with exposed internet-facing deployments.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-28797 | RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component — ragflow (CWE-20) | 8.8 (AI) | High (AI) | 2026-04-03 |
| CVE-2026-24770 | RAGFlow Affected by Zip Slip Remote Code Execution (RCE) in MinerUParser — ragflow (CWE-22) | 9.8 | Critical | 2026-01-27 |
| CVE-2025-69286 | RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability — ragflow (CWE-340) | 9.8 | - | 2025-12-31 |
| CVE-2025-68700 | RAGFlow Remote Code Execution Vulnerability — ragflow (CWE-78) | 9.9 | - | 2025-12-31 |
| CVE-2025-48187 | RAGFlow security vulnerability — RAGFlow (CWE-307) | 9.1 | Critical | 2025-05-17 |
| CVE-2025-27135 | RAGFlow SQL Injection vulnerability — ragflow (CWE-89) | 9.8 | - | 2025-02-25 |
| CVE-2025-25282 | Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow — ragflow (CWE-639) | 7.1 | - | 2025-02-21 |

This page lists every published CVE security advisory associated with infiniflow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.