Location: `SakhiCircle/backend/main.py` (Lines 46-52) Allows credentials and wildcard origins which is a security risk. ```python app.add_middleware( CORSMiddleware, allow_origins=["*"], allow_credentials=True, allow_methods=["*"], allow_headers=["*"], ) ```