CVE-2026-24770 | infiniflow ragflow up to 0.23.1 MinerU Parser MinerUParser path traversal (GHSA-v7cf-w7gj-pgf4)

Inserito da Angelo Barbosa | Gen 28, 2026 | CVE

A vulnerability labeled as critical has been found in infiniflow ragflow up to 0.23.1. This affects the function MinerUParser of the component MinerU Parser. Such manipulation leads to path traversal.

This vulnerability is documented as CVE-2026-24770. The attack can be executed remotely. There is not any exploit available.

Applying a patch is advised to resolve this issue.

CVE-2026-24770 | infiniflow ragflow up to 0.23.1 MinerU Parser MinerUParser path traversal (GHSA-v7cf-w7gj-pgf4)

Post correlati

CVE-2024-6368 | LabVantage LIMS 2017 POST Request rc param1 cross site scripting

CVE-2023-53990 | Linux Kernel up to 5.15.110/6.1.27/6.2.14/6.3.1 SMB3 cifs_del_deferred_close privilege escalation

CVE-2026-1425 | pymumu SmartDNS up to 47.1 SVBC Record Parser src/dns.c _dns_decode_rr_head/_dns_decode_SVCB_HTTPS stack-based overflow

CVE-2024-5063 | PHPGurukul Online Course Registration System 3.1 /admin/index.php username/password sql injection