Severity: Low
openrag/routers/tools.py /v1/tools/execute (and /v1/tools) sit behind AuthMiddleware (any authenticated user) but have no partition/role dependency and no quota check. extractText runs the full (potentially expensive) serialization pipeline on an uploaded file with no rate/role gate.
No cross-tenant data is reachable (it only processes the uploaded file, deleted in finally), so this is a resource-abuse / DoS concern rather than an isolation bug. Consider a role or quota gate, and combine with the path-traversal hardening for this endpoint (tracked separately/privately).
Severity: Low
openrag/routers/tools.py/v1/tools/execute(and/v1/tools) sit behindAuthMiddleware(any authenticated user) but have no partition/role dependency and no quota check.extractTextruns the full (potentially expensive) serialization pipeline on an uploaded file with no rate/role gate.No cross-tenant data is reachable (it only processes the uploaded file, deleted in
finally), so this is a resource-abuse / DoS concern rather than an isolation bug. Consider a role or quota gate, and combine with the path-traversal hardening for this endpoint (tracked separately/privately).