
10 matches found

Rapid7 Blog
added 6 days ago, 8 views

Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more

Help shape the future of Metasploit Framework We are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they function/are presented to users. We are currently accepting responses to our feedback form, which means that you can shape the future of...

CVSS 10, AI score 7.3, EPSS 0.99621
Exploits 69
Snyk
added 2026/06/16 11:38 p.m., 9 views

User Impersonation

Overview litellm-proxy-extras provides additional files for the LiteLLM Proxy and reduces the size of the main litellm package. Affected versions of this package are vulnerable to User Impersonation via manipulation of the Host header during HTTP requests. An attacker can gain unauthorized access to...

CVSS 9.8, AI score 5.8, EPSS 0.00559
Exploits 0, References 2
OSV
added 2026/06/16 11:38 p.m., 4 views

GHSA-4XPC-PV4P-PM3W LiteLLM: Authentication Bypass via Host Header Injection

Impact A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/authutils.py::getrequestroute, which Starlette reconstructs...

CVSS 9.5, AI score 5.4, EPSS 0.00559
Exploits 0, References 3
Veracode
added 2026/05/09 5:40 a.m., 10 views

Remote Code Execution (RCE)

LiteLLM is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe rendering of user-supplied prompt templates in the POST /prompts/test endpoint without sandboxing, allowing authenticated users to execute arbitrary code within the LiteLLM Proxy process and potentially access...

CVSS 8.8, AI score 6.2, EPSS 0.00373
Exploits 1, References 7, Affected Software 1
NVD
added 2026/05/08 4:16 a.m., 11 views

CVE-2026-42203

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI or native format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the...

CVSS 8.8, EPSS 0.00373
Exploits 1, References 5
ATTACKERKB
added 2026/05/08 3:36 a.m., 7 views

CVE-2026-42203

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI or native format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the...

CVSS 8.6, AI score 6, EPSS 0.00373
Exploits 1, References 3, Affected Software 1
EUVD
added 2026/05/08 3:36 a.m., 7 views

EUVD-2026-28502

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI or native format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the...

CVSS 8.6, AI score 6, EPSS 0.00373
Exploits 1, References 2
ATTACKERKB
added 2026/05/08 3:35 a.m., 7 views

CVE-2026-42271

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...

CVSS 8.7, AI score 6, EPSS 0.80188
Exploits 1, References 3, Affected Software 1
EUVD
added 2026/05/08 3:35 a.m., 11 views

EUVD-2026-28507

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...

CVSS 8.8, AI score 6, EPSS 0.80188
Exploits 1, References 2
GithubExploit
added 2026/04/28 4:57 p.m., 291 views

Exploit for CVE-2026-42208

LiteLLM Proxy SQL Injection GHSA-r75f-5x8p-qvmc A reproduct...

AI score 6, EPSS 0.84518
Exploits 7