External risk intelligence

LightRAG Allows Malicious Websites to Exfiltrate Data or Perform Destructive Actions via Cross-Origin Requests

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-61736

The vulnerability exists in the LightRAG API server. API servers are commonly deployed as network-accessible services to facilitate retrieval-augmented generation tasks for web applications or other integrated systems, making them frequent targets for network-based interaction in standard deployment patterns.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory details a critical security vulnerability in the LightRAG application that could allow malicious websites to execute authenticated API requests on behalf of users. This could lead to unauthorized access and manipulation of sensitive documents and knowledge graph data. The primary concern is to confirm whether your organization utilizes this technology and is therefore exposed.

  • Malicious sites can steal data or take action.
  • Affects applications using LightRAG for data retrieval.
  • Confirm if LightRAG is in use and exposed.

Attack Path

How an attacker could exploit the issue

An attacker can compromise a LightRAG server by tricking an authenticated user into visiting a malicious website. This website can then send requests to the LightRAG server using the user's existing authentication. The server, misconfigured to allow requests from any origin, will process these requests, potentially leading to the theft of sensitive data or the deletion of stored information.

  • Requires user authentication and visiting a malicious site.
  • Triggers via authenticated, cross-origin requests to the API.
  • Risk of data exfiltration or deletion.

Live Threat

Current exploitation, exposure, and threat context

When supported by the advisory, an authenticated user visiting a malicious website could have their session used to make unauthorized requests to the LightRAG server. This could allow for the exfiltration of documents, knowledge graph data, or potentially destructive actions like deleting the document store.

  • Documents and knowledge graph data at risk.
  • Malicious website initiates authenticated requests.
  • Data exfiltration or document store deletion.

Operational Fix

Recommended remediation, mitigation, and detection steps

Application owners and platform teams are likely responsible for addressing this vulnerability, as it affects the LightRAG API server. The first practical step is to identify all instances of the affected technology, confirm their business criticality and network reachability, and then determine the accountable owner for remediation planning.

  • Identify and confirm affected assets.
  • Verify business criticality and exposure.
  • Plan remediation based on risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is LightRAG?

LightRAG is an open-source framework designed for retrieval-augmented generation. It helps systems connect large language models to specific datasets, allowing users to query documents and knowledge graphs. It is primarily used to build intelligent applications that require fast, accurate information retrieval from stored, private, or specialized knowledge bases.

What is the vulnerability in CVE-2026-61736?

This is a cross-origin resource sharing (CORS) misconfiguration, categorized as CWE-942. The software mistakenly tells web browsers that any website, regardless of its origin, is trusted to send authenticated requests to the LightRAG API. Because the API improperly accepts these requests, a third-party site can act on behalf of a user who is logged in.

How is this vulnerability triggered?

An attacker must trick an already authenticated user into visiting a malicious website while they have an active session with the LightRAG server. If the user is not currently logged into the LightRAG instance, the malicious site cannot leverage their authentication to perform unauthorized actions. It does not trigger via direct, unauthenticated network traffic.

Do I need to worry if my LightRAG instance is internal?

Halo Surface Signal notes that API servers are often deployed to support integrated systems, making them frequent targets for network interaction. Even if your instance is not directly exposed to the public internet, users within your organization who visit external websites while authenticated remain a potential pathway for this attack, warranting attention regardless of network placement.

How do I start fixing this issue?

Your first step is to locate all deployments of LightRAG within your environment and verify their current version. Since this vulnerability is resolved in version 1.5.4, planning an update to that version or later is the primary path to remediation. Coordinate with the teams responsible for these applications to confirm their use and ensure the patch is applied.

References