A vulnerability was found in infiniflow ragflow up to 0.26.2. It has been declared as problematic. Affected is an unknown function of the component Agent Update Endpoint. The manipulation results in cross site scripting.

This vulnerability is known as CVE-2026-58579. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.