


Perceptive Security
SOC/SIEM Consultancy

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In 0.24.0 and earlier, a Jinja2 template injection in the prompt generator (rag/prompts/g…
Published:
28 May 2026 at 22:00:00
Alert date:
29 May 2026 at 14:01:48
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications, Emerging Technologies
RAGFlow, an open-source Retrieval-Augmented Generation engine, contains a critical Server-Side Template Injection (SSTI) vulnerability in versions 0.24.0 and earlier. The flaw is a Jinja2 template injection in the prompt generator component (rag/prompts/generator.py). Any authenticated user can exploit it to execute arbitrary operating system commands on the server. The attack can be triggered by creating a Canvas workflow with a DuckDuckGo + LLM component chain, which makes this a high-severity vulnerability that allows remote code execution with minimal user privileges required.
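As an added illustration (this is not RAGFlow's code; the prompt skeleton, the assumed data path from an upstream component, and the helper names are constructed), the following shows the general pattern behind a Jinja2 template injection of this kind next to its hardened form, together with a benign canary check a maintainer can keep as a regression test for the fix:

```python
"""Jinja2 prompt rendering: the SSTI-prone pattern next to its hardened form.

Constructed illustration, not RAGFlow's generator. The mistake behind this
vulnerability class is that untrusted text (assumed here to come from an
upstream component such as a web-search step) is spliced into the template
*source* and compiled, so Jinja2 evaluates any {{ ... }} the text contains.
The fixed helper keeps the template source constant and passes the text in
as a variable, where braces are plain data.
"""
from jinja2 import Environment, StrictUndefined
from jinja2.sandbox import SandboxedEnvironment

# Hypothetical prompt skeleton; the real generator's template is not shown here.
PROMPT_SKELETON = "Answer the question using this context:\n{context}\n"

# Benign probe: only becomes "49" if the input is treated as template code.
CANARY = "{{ 7 * 7 }}"


def render_prompt_vulnerable(context: str) -> str:
    """Anti-pattern: untrusted text becomes part of the template source."""
    env = Environment(autoescape=False)
    source = PROMPT_SKELETON.format(context=context)  # text is now template code
    return env.from_string(source).render()


def render_prompt_fixed(context: str) -> str:
    """Hardened: constant template source; untrusted text is a variable only.

    The sandboxed environment is defence in depth for genuinely user-authored
    templates; it does not replace keeping untrusted input out of the source.
    """
    env = SandboxedEnvironment(autoescape=False, undefined=StrictUndefined)
    template = env.from_string("Answer the question using this context:\n{{ context }}\n")
    return template.render(context=context)  # braces in the value are never parsed


def treats_input_as_template(render) -> bool:
    """Regression check for the fix: feed the canary and see whether it was evaluated."""
    out = render(CANARY)
    return "49" in out and CANARY not in out


if __name__ == "__main__":
    snippet = "Constructed page text from a web result containing {{ 7 * 7 }}"
    print(render_prompt_vulnerable(snippet))  # the expression is evaluated
    print(render_prompt_fixed(snippet))       # the expression stays literal
    print(treats_input_as_template(render_prompt_vulnerable),
          treats_input_as_template(render_prompt_fixed))
```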
Affected products:
RAGFlow
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-45312
https://github.com/infiniflow/ragflow/security/advisories/GHSA-wpg4-h5g2-jxm6
This article was created with the assistance of AI technology by Perceptive.
