CVE-2026-24770: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in infiniflow ragflow
CVE-2026-24770 is a critical path traversal vulnerability in the MinerU parser component of the open-source RAG engine RAGFlow (version 0.23.1 and earlier). The vulnerability, known as a 'Zip Slip', allows an attacker to craft a malicious ZIP archive that, when extracted by the vulnerable MinerUParser, can overwrite arbitrary files on the server. This can lead to remote code execution without requiring authentication or user interaction. The root cause is improper sanitization of filenames during ZIP extraction in the _extract_zip_no_root method. A patch has been committed to address this issue. Given its critical CVSS score of 9.8, exploitation could severely impact the confidentiality, integrity, and availability of affected systems. European organizations using RAGFlow should urgently apply the fix and restrict ZIP file sources to trusted origins.
AI Analysis
Technical Summary
CVE-2026-24770 is a critical vulnerability classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), commonly referred to as a 'Zip Slip'. It affects the MinerU parser component of the open-source Retrieval-Augmented Generation (RAG) engine, RAGFlow, specifically versions 0.23.1 and earlier. The vulnerability arises from the MinerUParser class's method _extract_zip_no_root, which extracts ZIP files retrieved from an external source (mineru_server_url) without properly sanitizing the filenames contained within the archive. This lack of validation allows an attacker to craft a malicious ZIP archive containing path traversal sequences (e.g., ../) in filenames, enabling them to overwrite arbitrary files on the server's filesystem during extraction. Such file overwrites can lead to remote code execution (RCE) if critical system or application files are replaced or malicious scripts are planted. The vulnerability requires no authentication and no user interaction, making it highly exploitable remotely. The CVSS v3.1 score of 9.8 reflects the high impact on confidentiality, integrity, and availability, combined with ease of exploitation over the network. Although no known exploits are reported in the wild yet, the presence of a public patch (commit 64c75d558e4a17a4a48953b4c201526431d8338f) indicates active remediation efforts. Organizations using RAGFlow should prioritize updating to patched versions and review their ZIP file handling processes to prevent exploitation.
Potential Impact
For European organizations deploying RAGFlow, especially those integrating external data sources or automating document ingestion via ZIP archives, this vulnerability poses a significant risk. Exploitation could lead to complete system compromise, data breaches, and service disruption. Confidential information could be exfiltrated or altered, and critical infrastructure relying on RAGFlow for AI-driven data processing could be manipulated or disabled. Given the critical severity and remote exploitability without authentication, attackers could leverage this vulnerability to gain persistent footholds in networks. Sectors such as finance, healthcare, research institutions, and government agencies using RAGFlow or its components are particularly at risk. The impact extends beyond individual systems if attackers use compromised hosts as pivot points for lateral movement within enterprise networks. Additionally, the open-source nature of RAGFlow means that many organizations may deploy it without extensive security vetting, increasing exposure.
Mitigation Recommendations
1. Immediately update RAGFlow to the latest patched version that includes the fix from commit 64c75d558e4a17a4a48953b4c201526431d8338f or later.
2. Implement strict validation and sanitization of all filenames within ZIP archives before extraction, ensuring no path traversal sequences are allowed.
3. Restrict the mineru_server_url or any external ZIP sources to trusted and authenticated endpoints only.
4. Employ application-layer sandboxing or containerization for ZIP extraction processes to limit filesystem access and contain potential damage.
5. Monitor file system changes and audit logs for unusual overwrites or modifications, especially in directories where ZIP contents are extracted.
6. Use intrusion detection/prevention systems (IDS/IPS) tuned to detect exploitation attempts involving ZIP archive path traversal.
7. Educate development and DevOps teams about secure handling of archive files and incorporate security testing for ZIP extraction routines in CI/CD pipelines.
8. If immediate patching is not feasible, consider disabling or restricting the MinerU parser's ZIP extraction functionality temporarily.
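As an added example (not RAGFlow's code and not the referenced patch), the following Python guard is the kind of check recommendation 2 calls for against the Zip Slip pattern described in the Technical Summary: every archive entry is resolved against the extraction root before anything is written, a constructed archive containing a ../ entry is rejected as a whole, and a benign archive still extracts. The function names, sample archives and temp directory are this example's own assumptions.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path

def is_safe_member(target_dir: str, member_name: str) -> bool:
    # Compare resolved paths rather than grepping for "../": this also catches
    # absolute names, drive letters and "a/../../b" style entries.
    if os.path.isabs(member_name) or os.path.splitdrive(member_name)[0]:
        return False
    base = Path(target_dir).resolve()
    dest = (base / member_name).resolve()
    return dest == base or base in dest.parents

def safe_extract(zip_bytes: bytes, target_dir: str) -> list[str]:
    # Validate every entry first; one bad name rejects the whole archive.
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        bad = [n for n in zf.namelist() if not is_safe_member(target_dir, n)]
        if bad:
            raise ValueError(f"refusing archive with traversal entries: {bad}")
        for info in (i for i in zf.infolist() if not i.is_dir()):
            dest = Path(target_dir) / info.filename
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes(zf.read(info))
        return zf.namelist()

def build_archive(entries: dict[str, bytes]) -> bytes:
    # In-memory ZIP from {name: content}, used only for the constructed samples.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

BENIGN_ZIP = build_archive({"out/page_1.md": b"# page 1\n"})
ZIPSLIP_ZIP = build_archive({"out/page_1.md": b"# page 1\n", "../escaped.txt": b"x\n"})

def demo() -> dict[str, bool]:
    # Run both constructed archives through safe_extract in a fresh temp dir.
    target = os.path.join(root := tempfile.mkdtemp(), "extract")
    safe_extract(BENIGN_ZIP, target)
    try:
        safe_extract(ZIPSLIP_ZIP, target)
        rejected = False
    except ValueError:
        rejected = True
    return {"benign_ok": os.path.isfile(os.path.join(target, "out", "page_1.md")),
            "slip_rejected": rejected,
            "nothing_escaped": not os.path.exists(os.path.join(root, "escaped.txt"))}
```

Rejecting the whole archive rather than skipping the bad entry is deliberate: a partially extracted archive from an untrusted mineru_server_url is itself a signal worth logging (recommendation 5).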
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-26T21:06:47.868Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 697936c84623b1157c4a64fc
Added to database: 1/27/2026, 10:06:00 PM
Last enriched: 2/4/2026, 9:15:04 AM
Last updated: 2/7/2026, 9:28:04 AM