{"vulnerability": "CVE-2026-24770", "sightings": [{"uuid": "78f8d951-9af2-49ef-a862-c8e55f7aa4e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24770", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mdguitgkzk23", "content": "", "creation_timestamp": "2026-01-27T23:02:20.868323Z"}, {"uuid": "63921869-b38c-49ae-9efe-40267d5a8534", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24770", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mdgujpao542o", "content": "", "creation_timestamp": "2026-01-27T23:02:49.954253Z"}, {"uuid": "1d554ee2-f308-434b-8cdf-4bcea6a156cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24770", "type": "seen", "source": "https://t.me/brutsecurity/2514", "content": "\ud83d\udea8 CVE-2026-24770: RAGFlow RCE (Zip Slip) Weaponized PoC\n\nCritical unauthenticated RCE in RAGFlow\u2019s MinerUParser\u2014attackers can execute arbitrary commands. 3,000+ instances are currently exposed.\n\n\ud83d\udd0d Identify Targets via ZoomEye:\n\nFilter: vul.cve=\"CVE-2026-24770\"\n\nDork: app=\"RAGFlow\" \ud83d\udc49 ZoomEye Search Link https://www.zoomeye.ai/searchResult?q=dnVsLmN2ZT0iQ1ZFLTIwMjYtMjQ3NzAi&amp;utm_source=twitter&amp;utm_medium=social&amp;utm_campaign=cve_ops_20260209", "creation_timestamp": "2026-07-09T03:00:05.743223Z"}, {"uuid": "0fa9b52c-82ab-4a0f-b1cf-0316969f14ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24770", "type": "seen", "source": "https://t.me/brutsecurity/2514", "content": "\ud83d\udea8 CVE-2026-24770: RAGFlow RCE (Zip Slip) Weaponized PoC\n\nCritical unauthenticated RCE in RAGFlow\u2019s MinerUParser\u2014attackers can execute arbitrary commands. 3,000+ instances are currently exposed.\n\n\ud83d\udd0d Identify Targets via ZoomEye:\n\nFilter: vul.cve=\"CVE-2026-24770\"\n\nDork: app=\"RAGFlow\" \ud83d\udc49 ZoomEye Search Link https://www.zoomeye.ai/searchResult?q=dnVsLmN2ZT0iQ1ZFLTIwMjYtMjQ3NzAi&amp;utm_source=twitter&amp;utm_medium=social&amp;utm_campaign=cve_ops_20260209", "creation_timestamp": "2026-07-10T00:00:13.066355Z"}, {"uuid": "5aca9b73-a8c4-4725-9c11-b9ed002aa8ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24770", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2514", "content": "\ud83d\udea8 CVE-2026-24770: RAGFlow RCE (Zip Slip) Weaponized PoC\n\nCritical unauthenticated RCE in RAGFlow\u2019s MinerUParser\u2014attackers can execute arbitrary commands. 3,000+ instances are currently exposed.\n\n\ud83d\udd0d Identify Targets via ZoomEye:\n\nFilter: vul.cve=\"CVE-2026-24770\"\n\nDork: app=\"RAGFlow\" \ud83d\udc49 ZoomEye Search Link https://www.zoomeye.ai/searchResult?q=dnVsLmN2ZT0iQ1ZFLTIwMjYtMjQ3NzAi&amp;utm_source=twitter&amp;utm_medium=social&amp;utm_campaign=cve_ops_20260209", "creation_timestamp": "2026-07-11T10:00:05.332434Z"}, {"uuid": "2c62b6f1-dce5-4fb5-aacd-a855dfc12b00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-24770", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2514", "content": "\ud83d\udea8 CVE-2026-24770: RAGFlow RCE (Zip Slip) Weaponized PoC\n\nCritical unauthenticated RCE in RAGFlow\u2019s MinerUParser\u2014attackers can execute arbitrary commands. 3,000+ instances are currently exposed.\n\n\ud83d\udd0d Identify Targets via ZoomEye:\n\nFilter: vul.cve=\"CVE-2026-24770\"\n\nDork: app=\"RAGFlow\" \ud83d\udc49 ZoomEye Search Link https://www.zoomeye.ai/searchResult?q=dnVsLmN2ZT0iQ1ZFLTIwMjYtMjQ3NzAi&amp;utm_source=twitter&amp;utm_medium=social&amp;utm_campaign=cve_ops_20260209", "creation_timestamp": "2026-07-12T00:00:51.897333Z"}]}