5 matches found
Exploit for Incorrect Authorization in Litellm
CVE-2026-35029 – LiteLLM /config/update privilege escalation...
📄 LiteLLM 1.83.0 Insecure Direct Object Reference
LiteLLM exposes a /config/update API endpoint that allows administrators to make configuration changes to the instance. Due to a missing authorization check, low-privileged users can access this endpoint without restriction. An attacker with a low-privileged account can exploit this to exfiltrate...
CVE-2026-35029 vulnerabilities
Vulnerabilities for packages: airflow...
01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +756 more potentially affected by CVE-2026-35029 via litellm (>=0.1.400 <=1.82.6)
litellm PYPI version =0.1.400, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: CVE-2026-35029 Source advisory: OSV:GHSA-53MR-6C8Q-9789...
01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +736 more potentially affected by CVE-2026-35029 via litellm (>=1.0.0 <=1.82.6)
litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: CVE-2026-35029 Source advisory: SNYK:PYTHON-LITELLM-15907616...