CVE-2026-61740 - LightRAG: Authentication bypass: hardcoded DEFAULT_TOKEN_SECRET and public /auth-status defeat LIGHTRAG_API_KEY protection
CVE ID :CVE-2026-61740 Published : July 15, 2026, 3:16 p.m. | 1 hour, 17 minutes ago Description :LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, when LightRAG is deployed with LIGHTRAG_API_KEY set but AUTH_ACCOUNTS unset, X-API-Key protection can be bypassed...