CVE-2026-61736 - LightRAG: CORS Wildcard + Credentials Enables Any-Origin Credentialed Requests
CVE ID :CVE-2026-61736 Published : July 15, 2026, 3:16 p.m. | 1 hour, 17 minutes ago Description :LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORS_ORIGINS=* combined with allow_credentials=True in lightrag/api/lightrag_server.py,...