Lightrag
Monthly
Authentication bypass in HKUDS LightRAG before 1.5.4 lets a remote unauthenticated attacker defeat X-API-Key protection when the server runs in the API-key-only profile (LIGHTRAG_API_KEY set, AUTH_ACCOUNTS unset). Because auth.py falls back to a public hardcoded DEFAULT_TOKEN_SECRET and /auth-status and /login freely mint guest JWTs, combined_dependency honored a guest token before ever checking the API key, exposing document read/upload/delete, graph mutation, and query endpoints. No public exploit is identified at time of analysis, but the underlying fix (PR #3319) ships a regression test showing that forging a valid guest token with the default secret is trivial; fixed in 1.5.4.
Cross-origin data theft in LightRAG server versions prior to 1.5.4 allows any malicious website to make authenticated, credentialed API calls on behalf of a logged-in victim because the server ships with CORS_ORIGINS=* paired with allow_credentials=True. When an authenticated LightRAG user browses to an attacker-controlled page, that page can silently read documents and knowledge-graph data or issue destructive requests such as deleting the entire document store. No public exploit has been identified at time of analysis and the flaw is not in CISA KEV, but the fix is confirmed released in version 1.5.4.
Authentication bypass in HKUDS LightRAG before 1.5.4 lets a remote unauthenticated attacker defeat X-API-Key protection when the server runs in the API-key-only profile (LIGHTRAG_API_KEY set, AUTH_ACCOUNTS unset). Because auth.py falls back to a public hardcoded DEFAULT_TOKEN_SECRET and /auth-status and /login freely mint guest JWTs, combined_dependency honored a guest token before ever checking the API key, exposing document read/upload/delete, graph mutation, and query endpoints. No public exploit is identified at time of analysis, but the underlying fix (PR #3319) ships a regression test showing that forging a valid guest token with the default secret is trivial; fixed in 1.5.4.
Cross-origin data theft in LightRAG server versions prior to 1.5.4 allows any malicious website to make authenticated, credentialed API calls on behalf of a logged-in victim because the server ships with CORS_ORIGINS=* paired with allow_credentials=True. When an authenticated LightRAG user browses to an attacker-controlled page, that page can silently read documents and knowledge-graph data or issue destructive requests such as deleting the entire document store. No public exploit has been identified at time of analysis and the flaw is not in CISA KEV, but the fix is confirmed released in version 1.5.4.