
CVE-2026-24770: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in infiniflow ragflow

Critical
Published: Tue Jan 27 2026 (01/27/2026, 21:51:44 UTC)
Source: CVE Database V5
Vendor/Project: infiniflow
Product: ragflow

Description

CVE-2026-24770 is a critical path traversal vulnerability in the MinerU parser component of the open-source RAGFlow engine (version 0.23.1 and earlier). It allows attackers to craft malicious ZIP archives that exploit improper filename sanitization during extraction, enabling arbitrary file overwrite on the server. This can lead to remote code execution without requiring authentication or user interaction. The vulnerability is caused by the MinerUParser class's _extract_zip_no_root method failing to restrict extracted file paths, a classic 'Zip Slip' flaw. A patch has been committed to address this issue. The CVSS score is 9.8, indicating a critical severity with high impact on confidentiality, integrity, and availability. European organizations using RAGFlow in production or research environments are at risk, especially those integrating external ZIP data sources.

AI-Powered Analysis

AI analysis last updated: 01/27/2026, 22:20:17 UTC

Technical Analysis

CVE-2026-24770 identifies a critical path traversal vulnerability (CWE-22) in the MinerU parser component of the open-source Retrieval-Augmented Generation (RAG) engine named RAGFlow, specifically in version 0.23.1 and potentially earlier versions. The vulnerability arises from the MinerUParser class's method _extract_zip_no_root, which is responsible for extracting ZIP archives obtained from an external source (mineru_server_url). This method fails to properly sanitize or validate the filenames contained within the ZIP archive, allowing specially crafted ZIP files to include path traversal sequences (e.g., '../') that escape the intended extraction directory. This flaw is commonly referred to as a 'Zip Slip' vulnerability. Exploiting this vulnerability, an attacker can overwrite arbitrary files on the server's filesystem, potentially including critical system or application files. This arbitrary file overwrite capability can be leveraged to execute remote code on the server, compromising confidentiality, integrity, and availability of the affected system. The vulnerability does not require any authentication or user interaction, making it highly exploitable remotely over the network. The CVSS v3.1 base score of 9.8 reflects the critical nature of this vulnerability, with attack vector being network-based, low attack complexity, no privileges required, and no user interaction needed. The vendor has committed a patch (commit 64c75d558e4a17a4a48953b4c201526431d8338f) that addresses the issue by properly sanitizing ZIP archive filenames before extraction. There are no known exploits in the wild at the time of publication, but the severity and ease of exploitation make it a high priority for remediation. Organizations using RAGFlow, especially in environments where ZIP files are ingested from untrusted or external sources, are at significant risk.

Potential Impact

For European organizations, the impact of CVE-2026-24770 is substantial. RAGFlow is an open-source engine used in AI and data processing workflows, and its compromise could lead to unauthorized access, data breaches, and disruption of critical AI services. The ability to overwrite arbitrary files and execute remote code can result in full system compromise, data loss, and potential lateral movement within networks. Organizations relying on RAGFlow for research, development, or production AI pipelines could face operational downtime and reputational damage. Given the criticality, attackers could leverage this vulnerability to implant persistent backdoors or exfiltrate sensitive data. The lack of authentication and user interaction requirements increases the risk of automated exploitation campaigns. Additionally, the vulnerability could be used as a foothold for further attacks targeting European infrastructure or intellectual property. The impact extends beyond confidentiality to integrity and availability, potentially disrupting AI-driven decision-making processes and services.

Mitigation Recommendations

To mitigate CVE-2026-24770, European organizations should immediately upgrade RAGFlow to a version that includes the patch from commit 64c75d558e4a17a4a48953b4c201526431d8338f or later. If upgrading is not immediately possible, implement strict input validation on ZIP files before processing, ensuring filenames do not contain path traversal sequences or absolute paths. Employ sandboxing or containerization to isolate the extraction process, limiting filesystem access rights to only necessary directories with least privilege principles. Monitor logs for unusual file extraction activities or unexpected file modifications. Network-level controls should restrict access to the mineru_server_url source to trusted entities only. Additionally, implement file integrity monitoring on critical system and application files to detect unauthorized changes. Conduct regular security audits of AI pipeline components and educate developers about secure handling of archive files. Finally, maintain up-to-date backups to enable recovery in case of compromise.
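The pre-extraction filename check that the Technical Analysis describes as missing and the mitigation paragraph calls for, as an added example that is not RAGFlow's code or its patch: `is_member_safe`, `safe_extract`, `run_demo` and the sample archive are constructed here for illustration. Entries are written by hand after validation so the check does not depend on whatever sanitization the standard library's own `extract` applies; a rejected entry is recorded and skipped, never written.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path

def is_member_safe(member_name: str, dest) -> bool:
    """True only if the entry would land inside dest after path resolution."""
    # Reject empty names, absolute paths and drive prefixes outright.
    if not member_name or member_name.startswith(("/", "\\")):
        return False
    if os.path.splitdrive(member_name)[0]:
        return False
    # Resolve '..' components, then require the result to stay under dest.
    root = Path(dest).resolve()
    target = (root / member_name).resolve()
    return target == root or root in target.parents

def safe_extract(zip_bytes: bytes, dest) -> tuple[list[str], list[str]]:
    """Extract validated entries by hand; return (extracted, rejected) names."""
    root = Path(dest)
    root.mkdir(parents=True, exist_ok=True)
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_member_safe(info.filename, root):
                rejected.append(info.filename)  # record and skip, never write
                continue
            target = (root / info.filename).resolve()
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            extracted.append(info.filename)
    return extracted, rejected

def build_sample_zip() -> bytes:
    """Constructed archive: one benign output entry and one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("output/page1.md", "# benign parser output\n")
        zf.writestr("../../outside.txt", "would escape the extraction dir\n")
    return buf.getvalue()

def run_demo() -> tuple[list[str], list[str]]:
    """Extract the constructed archive into a fresh temporary directory."""
    return safe_extract(build_sample_zip(), tempfile.mkdtemp())
```

The `rejected` list is the value worth logging and alerting on, since a traversal entry arriving from the parser endpoint is the unusual extraction activity the monitoring advice above refers to.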


Technical Details

Data Version
5.2
Assigner Short Name
GitHub_M
Date Reserved
2026-01-26T21:06:47.868Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 697936c84623b1157c4a64fc

Added to database: 1/27/2026, 10:06:00 PM

Last enriched: 1/27/2026, 10:20:17 PM

Last updated: 1/28/2026, 12:58:21 AM

