CVE-2026-58579
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
5.4 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vulnerability Description
RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalize_dsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name into the "Rerun from current step" confirmation modal via dangerouslySetInnerHTML, and the i18next configuration sets escapeValue:false, so the value is inserted into the DOM without HTML encoding. An authenticated workspace user who can create or edit an agent can inject arbitrary JavaScript that executes in the session of another workspace member who opens the dataflow result and clicks rerun, enabling session/token theft and account takeover across the user trust boundary.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-79
Source
NVD
Vendor
infiniflow
Product
ragflow
External References
- https://github.com/infiniflow/ragflow/commit/572f1ea9f4eba6a60e64f7437dee60aa1c0913f1
- https://github.com/infiniflow/ragflow/issues/16507
- https://github.com/infiniflow/ragflow/pull/16516
- https://github.com/infiniflow/ragflow/releases/tag/v0.26.3
- https://www.vulncheck.com/advisories/ragflow-stored-cross-site-scripting-via-agent-pipeline-node-name
Discussion (0)
Add Comment
No comments yet. Be the first!