Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-39413

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the jwt.decode() call does not explicitly deny the 'none' algorithm, a crafted token without a signature will be accepted as valid, leading to unauthorized access. This vulnerability is fixed in 1.4.14.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.3%
CVSS Severity
CVSS v3 Score 4.2
Products affected by CVE-2026-39413
  • Hkuds » Lightrag » Version: 1.0.3
    cpe:2.3:a:hkuds:lightrag:1.0.3
  • Hkuds » Lightrag » Version: 1.0.4
    cpe:2.3:a:hkuds:lightrag:1.0.4
  • Hkuds » Lightrag » Version: 1.0.5
    cpe:2.3:a:hkuds:lightrag:1.0.5
  • Hkuds » Lightrag » Version: 1.0.6
    cpe:2.3:a:hkuds:lightrag:1.0.6
  • Hkuds » Lightrag » Version: 1.0.7
    cpe:2.3:a:hkuds:lightrag:1.0.7
  • Hkuds » Lightrag » Version: 1.0.8
    cpe:2.3:a:hkuds:lightrag:1.0.8
  • Hkuds » Lightrag » Version: 1.0.9
    cpe:2.3:a:hkuds:lightrag:1.0.9
  • Hkuds » Lightrag » Version: 1.1.0
    cpe:2.3:a:hkuds:lightrag:1.1.0
  • Hkuds » Lightrag » Version: 1.1.1
    cpe:2.3:a:hkuds:lightrag:1.1.1
  • Hkuds » Lightrag » Version: 1.1.10
    cpe:2.3:a:hkuds:lightrag:1.1.10
  • Hkuds » Lightrag » Version: 1.1.11
    cpe:2.3:a:hkuds:lightrag:1.1.11
  • Hkuds » Lightrag » Version: 1.1.12
    cpe:2.3:a:hkuds:lightrag:1.1.12
  • Hkuds » Lightrag » Version: 1.1.2
    cpe:2.3:a:hkuds:lightrag:1.1.2
  • Hkuds » Lightrag » Version: 1.1.3
    cpe:2.3:a:hkuds:lightrag:1.1.3
  • Hkuds » Lightrag » Version: 1.1.4
    cpe:2.3:a:hkuds:lightrag:1.1.4
  • Hkuds » Lightrag » Version: 1.1.5
    cpe:2.3:a:hkuds:lightrag:1.1.5
  • Hkuds » Lightrag » Version: 1.1.6
    cpe:2.3:a:hkuds:lightrag:1.1.6
  • Hkuds » Lightrag » Version: 1.1.7
    cpe:2.3:a:hkuds:lightrag:1.1.7
  • Hkuds » Lightrag » Version: 1.1.8
    cpe:2.3:a:hkuds:lightrag:1.1.8
  • Hkuds » Lightrag » Version: 1.1.9
    cpe:2.3:a:hkuds:lightrag:1.1.9
  • Hkuds » Lightrag » Version: 1.2.1
    cpe:2.3:a:hkuds:lightrag:1.2.1
  • Hkuds » Lightrag » Version: 1.2.2
    cpe:2.3:a:hkuds:lightrag:1.2.2
  • Hkuds » Lightrag » Version: 1.2.3
    cpe:2.3:a:hkuds:lightrag:1.2.3
  • Hkuds » Lightrag » Version: 1.2.4
    cpe:2.3:a:hkuds:lightrag:1.2.4
  • Hkuds » Lightrag » Version: 1.2.5
    cpe:2.3:a:hkuds:lightrag:1.2.5
  • Hkuds » Lightrag » Version: 1.2.6
    cpe:2.3:a:hkuds:lightrag:1.2.6
  • Hkuds » Lightrag » Version: 1.2.7
    cpe:2.3:a:hkuds:lightrag:1.2.7
  • Hkuds » Lightrag » Version: 1.2.8
    cpe:2.3:a:hkuds:lightrag:1.2.8
  • Hkuds » Lightrag » Version: 1.2.9
    cpe:2.3:a:hkuds:lightrag:1.2.9
  • Hkuds » Lightrag » Version: 1.3.0
    cpe:2.3:a:hkuds:lightrag:1.3.0
  • Hkuds » Lightrag » Version: 1.3.1
    cpe:2.3:a:hkuds:lightrag:1.3.1
  • Hkuds » Lightrag » Version: 1.3.10
    cpe:2.3:a:hkuds:lightrag:1.3.10
  • Hkuds » Lightrag » Version: 1.3.2
    cpe:2.3:a:hkuds:lightrag:1.3.2
  • Hkuds » Lightrag » Version: 1.3.3
    cpe:2.3:a:hkuds:lightrag:1.3.3
  • Hkuds » Lightrag » Version: 1.3.4
    cpe:2.3:a:hkuds:lightrag:1.3.4
  • Hkuds » Lightrag » Version: 1.3.5
    cpe:2.3:a:hkuds:lightrag:1.3.5
  • Hkuds » Lightrag » Version: 1.3.6
    cpe:2.3:a:hkuds:lightrag:1.3.6
  • Hkuds » Lightrag » Version: 1.3.7
    cpe:2.3:a:hkuds:lightrag:1.3.7
  • Hkuds » Lightrag » Version: 1.3.8
    cpe:2.3:a:hkuds:lightrag:1.3.8
  • Hkuds » Lightrag » Version: 1.3.9
    cpe:2.3:a:hkuds:lightrag:1.3.9
  • Hkuds » Lightrag » Version: 1.4.0
    cpe:2.3:a:hkuds:lightrag:1.4.0
  • Hkuds » Lightrag » Version: 1.4.1
    cpe:2.3:a:hkuds:lightrag:1.4.1
  • Hkuds » Lightrag » Version: 1.4.10
    cpe:2.3:a:hkuds:lightrag:1.4.10
  • Hkuds » Lightrag » Version: 1.4.11
    cpe:2.3:a:hkuds:lightrag:1.4.11
  • Hkuds » Lightrag » Version: 1.4.12
    cpe:2.3:a:hkuds:lightrag:1.4.12
  • Hkuds » Lightrag » Version: 1.4.13
    cpe:2.3:a:hkuds:lightrag:1.4.13
  • Hkuds » Lightrag » Version: 1.4.2
    cpe:2.3:a:hkuds:lightrag:1.4.2
  • Hkuds » Lightrag » Version: 1.4.3
    cpe:2.3:a:hkuds:lightrag:1.4.3
  • Hkuds » Lightrag » Version: 1.4.4
    cpe:2.3:a:hkuds:lightrag:1.4.4
  • Hkuds » Lightrag » Version: 1.4.5
    cpe:2.3:a:hkuds:lightrag:1.4.5
  • Hkuds » Lightrag » Version: 1.4.6
    cpe:2.3:a:hkuds:lightrag:1.4.6
  • Hkuds » Lightrag » Version: 1.4.7
    cpe:2.3:a:hkuds:lightrag:1.4.7
  • Hkuds » Lightrag » Version: 1.4.8
    cpe:2.3:a:hkuds:lightrag:1.4.8
  • Hkuds » Lightrag » Version: 1.4.8.1
    cpe:2.3:a:hkuds:lightrag:1.4.8.1
  • Hkuds » Lightrag » Version: 1.4.8.2
    cpe:2.3:a:hkuds:lightrag:1.4.8.2
  • Hkuds » Lightrag » Version: 1.4.9
    cpe:2.3:a:hkuds:lightrag:1.4.9
  • Hkuds » Lightrag » Version: 1.4.9.1
    cpe:2.3:a:hkuds:lightrag:1.4.9.1
  • Hkuds » Lightrag » Version: 1.4.9.10
    cpe:2.3:a:hkuds:lightrag:1.4.9.10
  • Hkuds » Lightrag » Version: 1.4.9.11
    cpe:2.3:a:hkuds:lightrag:1.4.9.11
  • Hkuds » Lightrag » Version: 1.4.9.2
    cpe:2.3:a:hkuds:lightrag:1.4.9.2
  • Hkuds » Lightrag » Version: 1.4.9.3
    cpe:2.3:a:hkuds:lightrag:1.4.9.3
  • Hkuds » Lightrag » Version: 1.4.9.4
    cpe:2.3:a:hkuds:lightrag:1.4.9.4
  • Hkuds » Lightrag » Version: 1.4.9.5
    cpe:2.3:a:hkuds:lightrag:1.4.9.5
  • Hkuds » Lightrag » Version: 1.4.9.6
    cpe:2.3:a:hkuds:lightrag:1.4.9.6
  • Hkuds » Lightrag » Version: 1.4.9.7
    cpe:2.3:a:hkuds:lightrag:1.4.9.7
  • Hkuds » Lightrag » Version: 1.4.9.8
    cpe:2.3:a:hkuds:lightrag:1.4.9.8
  • Hkuds » Lightrag » Version: 1.4.9.9
    cpe:2.3:a:hkuds:lightrag:1.4.9.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved