58 matches found
GHSA-4XGF-CPJX-PC3J vulnerabilities
Vulnerabilities for packages: litellm, azureml-inference-server-http, airflow, open-webui, airflow-core, lmcache-cuda-12.8, tritonserver-backend-vllm-cuda-12.9, tritonserver-backend-vllm-cuda-13.0, prefect, prefect-fips, semgrep, vllm-cuda-13.2, azureml-inference-server-http-fips, mcp-atlassian...
CVE-2026-12774
CVE-2026-12774 affects BerriAI litellm up to 1.82.2. The vulnerability targets the function _execute_with_mcp_client in litellm/proxy/_experimental/mcp_server/rest_endpoints.py (MCP Server Connection Testing). It enables server‑side request forgery through manipulation of this component, with rem...
VulnCheck KEV: CVE-2026-42271
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...
01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +806 more potentially affected by CVE-2026-47102 via litellm (>=1.0.0 <=1.83.1)
litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.6.0, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 and more Source cves: CVE-2026-47102 Source advisory: SNYK:PYTHON-LITELLM-16795354...
01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +816 more potentially affected by CVE-2026-47101 via litellm (>=1.0.0 <=1.83.13)
litellm PYPI version =1.0.0, =0.0.1, =0.0.14, =0.0.14, =0.0.1a0, =0.3.5, =0.6.0, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 and more Source cves: CVE-2026-47101 Source advisory: SNYK:PYTHON-LITELLM-16795355...
CVE-2026-47102
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin...
Exploit for SQL Injection in Litellm
Threat Intelligence Brief - CVE-2026-42208: BerriAI LiteLLM SQ...
CVE-2026-41168 vulnerabilities
Vulnerabilities for packages: litellm, nemo, open-webui...
0xpwn (=0.1.1), a2a-acl (>=0.0.14 <=0.0.15) +285 more potentially affected by CVE-2026-42208 via litellm (>=1.81.16 <=1.83.4)
litellm PYPI version =1.81.16, =0.0.14, =0.0.14, =0.0.1a0, =0.6.0, =0.7.3, =0.1.46, =0.25.4a2, =0.5.2, =0.1.0, =0.1.0, =0.1.0, =0.2.4, =0.2.15 and more Source cves: CVE-2026-42208 Source advisory: SNYK:PYTHON-LITELLM-16300164...
0xpwn (=0.1.1), a2a-acl (>=0.0.14 <=0.0.15) +285 more potentially affected by CVE-2026-42208 via litellm (>=1.81.16 <=1.83.4)
litellm PYPI version =1.81.16, =0.0.14, =0.0.14, =0.0.1a0, =0.6.0, =0.7.3, =0.1.46, =0.25.4a2, =0.5.2, =0.1.0, =0.1.0, =0.1.0, =0.2.4, =0.2.15 and more Source cves: CVE-2026-42208 Source advisory: OSV:GHSA-R75F-5X8P-QVMC...
0xpwn (=0.1.1), a2a-acl (>=0.0.14 <=0.0.15) +300 more potentially affected by CVE-2026-42203 via litellm (>=1.80.5 <=1.83.4)
litellm PYPI version =1.80.5, =0.0.14, =0.0.14, =0.0.1a0, =0.6.0, =0.7.3, =0.1.46, =0.25.4a2, =0.5.2, =0.1.0, =0.1.0, =0.1.0, =0.2.4, =0.2.15 and more Source cves: CVE-2026-42203 Source advisory: OSV:GHSA-XQMJ-J6MV-4862...
01os (=0.0.14), 0xpwn (=0.1.1) +647 more potentially affected by CVE-2026-42271 via litellm (>=1.74.3 <=1.83.4)
litellm PYPI version =1.74.3, =0.0.14, =0.0.14, =0.0.1a0, =0.3.5, =0.6.0, =0.7.3, =0.1.0, =0.4.0, =0.1.39, =0.2.1, =0.2.1.10062025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 - agent-quality-inspect =2.0.0a1 and more Source cves: CVE-2026-42271 Source advisory: SNYK:PYTHON-LITELLM-16119122...
01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +846 more potentially affected by CVE-2026-40217 via litellm (>=1.0.0 <=1.83.8)
litellm PYPI version =1.0.0, =0.0.1, =0.0.14, =0.0.14, =0.0.1a0, =0.3.5, =0.6.0, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 and more Source cves: CVE-2026-40217 Source advisory: SNYK:PYTHON-LITELLM-16049285...
0xpwn (=0.1.1), a2a-acl (=0.0.14) +160 more potentially affected by CVE-2026-35030 via litellm (>=1.80.9 <=1.82.6)
litellm PYPI version =1.80.9, =0.0.1a0, =0.7.3, =0.1.46, =0.0.1, =0.1.14.13, =0.5.2, =0.1.0, =0.10.0, =2.0.0, =2.0.0, =2.0.1 - browser-use =0.12.4 and more Source cves: CVE-2026-35030 Source advisory: SNYK:PYTHON-LITELLM-15907831...
01os (>=0.0.1 <=0.0.14), 0xpwn (=0.1.1) +734 more potentially affected by CVE-2026-35029 via litellm (>=1.0.0 <=1.82.6)
litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.7.3, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.2.1.10102025 - agent-memory-server =0.15.0 - agent-opt =0.0.1 and more Source cves: CVE-2026-35029 Source advisory: SNYK:PYTHON-LITELLM-15907616...
01os (>=0.0.1 <=0.0.14), a2a-acl (=0.0.14) +647 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.82.3)
litellm PYPI version =1.0.0, =0.0.1, =0.0.1a0, =0.3.5, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.1.0, =0.14.1a0, =0.64.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15870298...
01os (>=0.0.1 <=0.0.14), 0xpwn (>=0.1.0 <=0.1.1) +3086 more potentially affected by unknown CVE via litellm (>=0.11.1 <=1.88.0.dev1)
litellm PYPI version =0.11.1, =0.0.1, =0.1.0, =0.1.0, =0.3.0, =0.0.13, =0.0.13, =0.1.3, =0.0.4, =0.1.0, =0.0.1a0, =0.3.5, =0.1.1.dev1, =0.2.2, =0.2.1, =0.2.0, =0.6.1 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15762713...
01os (>=0.0.1 <=0.0.14), aaf (>=0.3.5 <=0.3.9) +597 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.80.11)
litellm PYPI version =1.0.0, =0.0.1, =0.3.5, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.1.0, =0.14.1a0, =0.4.1, =0.1.0, =0.4.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-15170825...
01os (>=0.0.1 <=0.0.14), advanced-research (>=0.1.0 <=0.2.2) +422 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.77.5)
litellm PYPI version =1.0.0, =0.0.1, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.14.1a0, =0.1.0, =0.0.5, =0.3.1, =1.1.2, =1.4.3, =0.0.1, =0.1.0, =0.7.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-13803705...
01os (>=0.0.1 <=0.0.14), advanced-research (>=0.1.0 <=0.2.2) +422 more potentially affected by unknown CVE via litellm (>=1.0.0 <=1.77.5)
litellm PYPI version =1.0.0, =0.0.1, =0.1.0, =0.4.0, =0.8.1, =0.1.0, =0.1.39, =0.2.1, =0.14.1a0, =0.1.0, =0.0.5, =0.3.1, =1.1.2, =1.4.3, =0.0.1, =0.1.0, =0.7.0 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-LITELLM-13803635...