4 matches found
CVE-2026-12799
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...
PT-2026-51213
Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description Improper authorization occurs in the ui view users function located in the litellm/proxy/management endpoints/internal user endpoints.py file. This flaw allows a remote attacker to bypass...
CVE-2025-0628 Improper Authorization in BerriAI/litellm
An improper authorization vulnerability exists in the main-latest version of BerriAI/litellm. When a user with the role 'internaluserviewer' logs into the application, they are provided with an overly privileged API key. This key can be used to access all the admin functionality of the applicatio...
CVE-2025-0628
CVE-2025-0628 affects the main-latest version of BerriAI/litellm. The issue allows an user with the internal_user_viewer role to obtain an overly privileged API key that can access admin endpoints (e.g., /users/list, /users/get_users), enabling privilege escalation to a PROXY ADMIN. Multiple sour...