CVE-2026-58579

Source
https://cve.org/CVERecord?id=CVE-2026-58579
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58579.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-58579
Published
2026-07-02T19:38:51.314Z
Modified
2026-07-10T04:02:28.999935133Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
Summary
RAGFlow < 0.26.3 - Stored Cross-Site Scripting via Agent Pipeline Node Name
Details

RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalize_dsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name into the "Rerun from current step" confirmation modal via dangerouslySetInnerHTML, and the i18next configuration sets escapeValue:false, so the value is inserted into the DOM without HTML encoding. An authenticated workspace user who can create or edit an agent can inject arbitrary JavaScript that executes in the session of another workspace member who opens the dataflow result and clicks rerun, enabling session/token theft and account takeover across the user trust boundary.

Database specific
{
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/58xxx/CVE-2026-58579.json"
}
References

Affected packages

Git / github.com/infiniflow/ragflow

Affected ranges

Type
GIT
Repo
https://github.com/infiniflow/ragflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.26.3"
        }
    ],
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ]
}

Affected versions

Other
dev-20260622
dev-20260623
dev-20260624
dev-20260625
dev-20260626
dev-20260630
dev-20260701
dev-20260702
nightly
v0.*
v0.1.0
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.14.1
v0.15.0
v0.15.1
v0.16.0
v0.17.0
v0.17.1
v0.17.2
v0.18.0
v0.19.1
v0.19.x
v0.2.0
v0.20.0
v0.20.1
v0.20.2
v0.20.3
v0.20.4
v0.20.5
v0.21.0
v0.21.1
v0.22.0
v0.22.1
v0.23.0
v0.23.1
v0.24.0
v0.25.0
v0.25.1
v0.25.2
v0.25.3
v0.25.4
v0.25.5
v0.25.6
v0.26.0
v0.26.1
v0.26.2
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-58579.json"