CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1 matches found

Positive Technologies•added 2026/04/04 12:0 a.m.•4 views

PT-2026-30318

Summary: The file lightrag/api/config.py line 397 uses a default JWT secret "lightrag-jwt-default-secret" when the TOKEN SECRET environment variable is not set. The AuthHandler in lightrag/api/auth.py lines 24-25 uses this secret to sign and verify tokens. An unauthenticated attacker can forge...

7.5CVSS5.9AI score0.0012EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by