PyPI: ragas
CVE-2026-6587
Safety vulnerability ID: SFTY-20260420-91347
Safety legacy ID: pyup.io-95048
Overview
RAGAS has SSRF via Multi-Modal Faithfulness Collections Module
Advisory
Affected versions of ragas are vulnerable to Server-Side Request Forgery (SSRF) because the multi-modal faithfulness metric in the Collections Module does not validate the URL and file-path strings it is given. The _try_process_local_file and _try_process_url functions in src/ragas/metrics/collections/multi_modal_faithfulness/util.py treat each entry of the retrieved_contexts argument as a local file path or a URL and process it without restricting the destination. The earlier fix for CVE-2025-45691 addressed the same pattern in a different module only, so this code path remained open. Because retrieved_contexts is normally populated from retrieval results rather than typed by the operator, an attacker who can influence that data can make the evaluating process open attacker-chosen local paths or issue requests to attacker-chosen destinations, including internal services. A public exploit is available.
How to Fix
Update ragas to a release that is not affected. This page does not state the first fixed version; check the GitHub advisory (GHSA-95ww-475f-pr4f) or the ragas changelog linked below to confirm which release carries the fix before pinning.
Mitigation and Workarounds
If you cannot upgrade immediately, treat retrieved_contexts as untrusted input. Do not pass strings that the multi-modal faithfulness metric could interpret as a local file path or a URL unless they originate from a source you control, and restrict any URLs you do pass to an explicit allowlist of schemes and hosts that resolve to public addresses. This only narrows the exposure: the affected functions themselves still perform no destination checks, so upgrading remains the fix.
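The following caller-side pre-filter is an added example, not code from ragas or from the advisory. It applies the destination restriction that the advisory says _try_process_local_file and _try_process_url lack, by classifying every retrieved_contexts entry before the metric sees it: plain text passes, allowlisted https URLs that resolve to public addresses pass, and anything path-like, any other scheme, any non-allowlisted host, and any host resolving to a private, loopback, link-local or IPv4-mapped internal address is rejected. The host allowlist, the stub DNS table, the sample contexts and the heuristic for spotting path-like strings are all constructed for the example; the module's own path-detection logic is not known here.

```python
"""Caller-side pre-filter for retrieved_contexts (added example, not ragas code).
The allowlist, DNS table and sample contexts below are constructed for illustration.
"""
import ipaddress
import os
import socket
from typing import Callable, Iterable, List, Tuple
from urllib.parse import urlsplit

# Constructed policy: only https, only this host. Adjust to your deployment.
ALLOWED_SCHEMES = {"https"}
ALLOWED_HOSTS = {"images.example.com"}
# Assumption: a bare string ending in one of these is a local image path.
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".webp", ".bmp"}

Resolver = Callable[[str], List[str]]


def dns_resolve(host: str) -> List[str]:
    """Real resolver: every address record for host (tests use a stub instead)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_public(ip_str: str) -> bool:
    """True only for globally routable unicast addresses; unwraps ::ffff:a.b.c.d first."""
    ip = ipaddress.ip_address(ip_str)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified
    )


def _looks_like_path(ctx: str) -> bool:
    """Conservative heuristic (assumption) for a string the local-file branch would open."""
    return (
        ctx.startswith(("/", "./", "../", "~", "\\"))
        or os.path.isabs(ctx)
        or os.path.splitext(ctx)[1].lower() in IMAGE_EXTS
    )


def classify_context(ctx: str, resolver: Resolver = dns_resolve) -> Tuple[str, str]:
    """Return ("text" | "url" | "blocked", reason) for one retrieved_contexts entry."""
    parts = urlsplit(ctx)
    scheme = parts.scheme
    # No scheme, or a one-letter Windows drive "scheme" such as C:\...
    if scheme == "" or len(scheme) == 1:
        if _looks_like_path(ctx):
            return "blocked", "path-like string would reach the local-file branch"
        return "text", "plain text"
    if scheme not in ALLOWED_SCHEMES:
        return "blocked", f"scheme {scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return "blocked", "credentials embedded in URL"
    host = parts.hostname
    if not host or host not in ALLOWED_HOSTS:
        return "blocked", f"host {host!r} not in allowlist"
    try:
        addrs = resolver(host)
    except OSError as exc:
        return "blocked", f"resolution failed: {exc}"
    if not addrs or not all(_is_public(a) for a in addrs):
        return "blocked", f"{host} resolves to a non-public address"
    return "url", "allowed"


def sanitize_contexts(contexts: Iterable[str], resolver: Resolver = dns_resolve):
    """Split contexts into (kept, rejected); rejected is a list of (ctx, reason)."""
    kept, rejected = [], []
    for ctx in contexts:
        kind, reason = classify_context(ctx, resolver)
        (rejected if kind == "blocked" else kept).append((ctx, reason) if kind == "blocked" else ctx)
    return kept, rejected


# Constructed DNS table so the example runs offline; 93.184.216.34 stands in for
# a public address. Production code passes dns_resolve instead.
CONSTRUCTED_DNS = {"images.example.com": ["93.184.216.34"]}


def stub_resolver(host: str) -> List[str]:
    return CONSTRUCTED_DNS.get(host, [])


# Constructed sample: what a poisoned retrieval result might hand to the metric.
SAMPLE_CONTEXTS = [
    "The cat sat on the mat.",
    "https://images.example.com/cat.png",
    "http://169.254.169.254/latest/meta-data/",   # cloud metadata endpoint
    "file:///etc/passwd",
    "/etc/passwd",
    "https://user:pw@images.example.com/cat.png",
]

if __name__ == "__main__":
    kept, rejected = sanitize_contexts(SAMPLE_CONTEXTS, stub_resolver)
    print("kept:", kept)
    for ctx, reason in rejected:
        print(f"rejected {ctx!r}: {reason}")
```

Resolving the host here and again inside the library leaves a small DNS-rebinding window, and the path heuristic is only as good as its list of extensions, which is why this filter narrows exposure rather than closing it; the upgrade is still the fix.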
Vulnerable Functions
Functions linked to this vulnerability:
- _try_process_local_file in src/ragas/metrics/collections/multi_modal_faithfulness/util.py
- _try_process_url in src/ragas/metrics/collections/multi_modal_faithfulness/util.py
References
- https://getsafety.com/vulnerabilities/SFTY-20260420-91347/CVE-2026-6587
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6587
- https://data.safetycli.com/changelogs/ragas/
- https://github.com/advisories/GHSA-95WW-475F-PR4F
- https://pypi.org/project/ragas
- https://nvd.nist.gov/vuln/detail/CVE-2026-6587
- https://adithyanak.com/ragas-v0214-arbitrary-file-read-vulnerability
- https://vuldb.com/submit/791088
- https://vuldb.com/vuln/358222
- https://vuldb.com/vuln/358222/cti
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
