CVE-2026-61736 in LightRAG
Summary
by MITRE • 07/15/2026
LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORS_ORIGINS=* combined with allow_credentials=True in lightrag/api/lightrag_server.py, causing Starlette CORSMiddleware to effectively whitelist every origin for credentialed cross-origin requests. Any malicious website visited by an authenticated LightRAG user can silently make authenticated API requests, exfiltrating documents and knowledge graph data or performing destructive actions such as deleting the document store. This vulnerability is fixed in 1.5.4.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 07/15/2026
The LightRAG retrieval-augmented generation system presents a critical cross-origin resource sharing vulnerability that fundamentally compromises user authentication security. This flaw exists in server configurations prior to version 1.5.4 where the default CORS_ORIGINS setting is configured to accept all origins while simultaneously enabling credential-based access through allow_credentials=True parameter. The configuration creates an insecure default that effectively nullifies cross-origin protection mechanisms, allowing any website to establish authenticated connections with the LightRAG server on behalf of legitimate users.
The technical implementation involves the Starlette CORSMiddleware component which processes incoming HTTP requests and enforces cross-origin policies. When CORS_ORIGINS=* is set alongside allow_credentials=True, the middleware effectively disables origin validation for credential-based requests, creating an attack surface where malicious actors can craft web pages that silently execute authenticated API calls against the vulnerable LightRAG server. This configuration pattern directly violates security best practices outlined in owasp top ten and is classified as a CWE-346 Origin Validation Error, where the application fails to validate the origin of cross-origin requests.
The operational impact of this vulnerability extends far beyond simple data access. An authenticated user who visits a malicious website becomes a conduit for unauthorized actions against their LightRAG instance. Attackers can silently extract sensitive documents and knowledge graph information without user awareness or consent, potentially leading to intellectual property theft, data breaches, and exposure of confidential organizational knowledge. The destructive potential is equally concerning as attackers could perform write operations including deleting document stores, modifying content, or corrupting the entire knowledge base through authenticated API endpoints.
This vulnerability aligns with several ATT&CK techniques including T1566 Initial Access through credential compromise and T1071.001 Application Layer Protocol for command and control communications. The attack vector exploits trust relationships between web browsers and web applications, leveraging the browser's automatic handling of credentials during cross-origin requests. Organizations using LightRAG versions prior to 1.5.4 face significant risk exposure particularly in environments where authenticated users access the system from potentially compromised networks or where social engineering attacks could successfully redirect users to malicious sites. The fix implemented in version 1.5.4 addresses this by properly configuring CORS policies to restrict origins while maintaining necessary authentication mechanisms, ensuring that only explicitly trusted domains can establish credential-based connections with the LightRAG server.
The vulnerability demonstrates how default security configurations can create dangerous assumptions about application behavior, emphasizing the importance of explicit security hardening rather than relying on potentially insecure defaults. Security practitioners should verify all deployed applications for similar cross-origin configuration issues and implement principle of least privilege approaches to CORS settings. Organizations must also consider implementing additional monitoring and logging controls to detect unauthorized API access patterns and credential misuse attempts that could indicate exploitation of such vulnerabilities.