25 matches found
CVE-2026-61736
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORSORIGINS= combined with allowcredentials=True in lightrag/api/lightragserver.py, causing Starlette CORSMiddleware to effectively whitelist every origin for credentialed cross-origin request...
CVE-2026-61740
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAGAPIKEY set but AUTHACCOUNTS unset, X-API-Key protection can be bypassed because lightrag/api/auth.py falls back to a hardcoded DEFAULTTOKENSECRET, /auth-status and /login can...
CVE-2026-61740
LightRAG vulnerability CVE-2026-61740 affects LightRAG prior to v1.5.4. When LIGHTRAG_API_KEY is set but AUTH_ACCOUNTS is unset, authentication protection can be bypassed: lightrag/api/auth.py falls back to a hardcoded DEFAULT_TOKEN_SECRET, /auth-status and /login can mint guest JWTs, and combine...
EUVD-2026-44671
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAGAPIKEY set but AUTHACCOUNTS unset, X-API-Key protection can be bypassed because lightrag/api/auth.py falls back to a hardcoded DEFAULTTOKENSECRET, /auth-status and /login can...
CVE-2026-61740 LightRAG: Authentication bypass: hardcoded DEFAULT_TOKEN_SECRET and public /auth-status defeat LIGHTRAG_API_KEY protection
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAGAPIKEY set but AUTHACCOUNTS unset, X-API-Key protection can be bypassed because lightrag/api/auth.py falls back to a hardcoded DEFAULTTOKENSECRET, /auth-status and /login can...
CVE-2026-61736
LightRAG vulnerability CVE-2026-61736 stems from a CORS misconfiguration prior to version 1.5.4: CORS_ORIGINS is set to '*' and allow_credentials=True in lightrag/api/lightrag_server.py, causing Starlette CORSMiddleware to effectively whitelist all origins for credentialed cross-origin requests. ...
CVE-2026-61736 LightRAG: CORS Wildcard + Credentials Enables Any-Origin Credentialed Requests
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORSORIGINS= combined with allowcredentials=True in lightrag/api/lightragserver.py, causing Starlette CORSMiddleware to effectively whitelist every origin for credentialed cross-origin request...
CVE-2026-39413
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none'...
CVE-2026-39413 LightRAG has a JWT Algorithm Confusion Vulnerability in LightRAG API
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none'...
CVE-2026-39413 LightRAG has a JWT Algorithm Confusion Vulnerability in LightRAG API
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none'...
CVE-2026-39413
LightRAG is vulnerable to a JWT algorithm confusion attack in versions prior to 1.4.14 of its API. An attacker can forge tokens with alg: none in the JWT header because jwt.decode() does not explicitly disallow none, allowing another party to access protected resources without a valid signature. ...
CVE-2026-39413 LightRAG has a JWT Algorithm Confusion Vulnerability in LightRAG API
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode call does not explicitly deny the 'none'...
LightRAG 数据伪造问题漏洞
LightRAG is an open-source retrieval-enhanced generation application developed by the Data Intelligence Laboratory at the Hong Kong University HKU. Versions of LightRAG prior to 1.4.14 contained a data manipulation vulnerability caused by JWT algorithm exploitation attacks. This vulnerability...
PT-2026-31285
Name of the Vulnerable Software and Affected Versions LightRAG versions prior to 1.4.14 Description The LightRAG API is susceptible to a JWT algorithm confusion attack. An attacker can forge tokens by setting 'alg': 'none' in the JWT header. The jwt.decode function does not explicitly disallow th...
EUVD-2025-19421
Malicious code in bioql PyPI...
Path Traversal
lightrag-hku is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied filenames due to unsanitized input in the file.filename parameter in the uploadtoinputdir function, allowing an attacker to write files to arbitrary locations on the server...
CVE-2025-6773
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadtoinputdir of the file lightrag/api/routers/documentroutes.py of the component File Upload. The manipulation of the argument file.filename leads to path...
GHSA-V9W6-9HQ9-33CH HKUDS LightRAG allows Path Traversal via function upload_to_input_dir
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadtoinputdir of the file lightrag/api/routers/documentroutes.py of the component File Upload. The manipulation of the argument file.filename leads to path...
CVE-2025-6773
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadtoinputdir of the file lightrag/api/routers/documentroutes.py of the component File Upload. The manipulation of the argument file.filename leads to path...
CVE-2025-6773 HKUDS LightRAG File Upload document_routes.py upload_to_input_dir path traversal
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadtoinputdir of the file lightrag/api/routers/documentroutes.py of the component File Upload. The manipulation of the argument file.filename leads to path...