Overview
A critical vulnerability has been identified in LightRAG, the popular open-source retrieval-augmented generation (RAG) framework, which ships with a dangerously permissive CORS configuration by default. The issue, tracked as CVE-2026-61736 with a CVSS score of 9.3 (Critical), allows any origin to make credentialed cross-origin requests to the LightRAG API server.
The root cause lies in lightrag/api/lightrag_server.py, where the server defaults to:
CORS_ORIGINS="*"
allow_credentials=TrueAccording to the CORS specification, combining a wildcard origin (*) with allow_credentials=True via Starlette's CORSMiddleware effectively whitelists every origin for credentialed requests — meaning cookies, authorization headers, and TLS client certificates are forwarded from any attacker-controlled site.
Impact
An attacker who can lure an authenticated LightRAG user to a malicious webpage can:
- Read or exfiltrate the victim's knowledge graph data via cross-origin fetch requests
- Insert or delete graph nodes and relationships
- Query the LLM backend using the victim's API credentials
- Fully compromise multi-tenant deployments where users share a single LightRAG instance
The severity is amplified by LightRAG's common deployment pattern: many organizations run it as an internal tool behind an SSO proxy or basic auth layer, assuming cross-origin protections are enforced at the browser level. This vulnerability bypasses that assumption entirely.
Affected Versions
| Product | Affected Versions | Fixed Version |
|---|---|---|
| LightRAG Server | All versions prior to 1.5.4 | 1.5.4 |
Remediation
Update Immediately
Upgrade LightRAG to version 1.5.4 or later:
pip install --upgrade lightrag-hkuManual Mitigation (if unable to upgrade)
Explicitly configure CORS with an allowlist of trusted origins:
from lightrag.api.lightrag_server import create_app
app = create_app(
cors_origins=["https://your-trusted-domain.com"],
allow_credentials=True
)Never use CORS_ORIGINS="*" alongside allow_credentials=True in production.
Network-Level Controls
If running LightRAG behind a reverse proxy (nginx, Traefik, Caddy), ensure CORS headers set by the proxy override or remove the application's permissive defaults:
add_header 'Access-Control-Allow-Origin' 'https://your-domain.com' always;
add_header 'Access-Control-Allow-Credentials' 'true' always;Detection
Check your LightRAG startup logs or configuration for the default CORS_ORIGINS=* setting:
grep -r "CORS_ORIGINS" /path/to/lightrag/
grep -r "allow_credentials" /path/to/lightrag/Review your web server access logs for cross-origin preflight (OPTIONS) requests from unexpected origins:
grep 'OPTIONS' /var/log/nginx/access.log | grep 'Origin:'
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity | High |
| Availability | High |