2 matches found
CVE-2026-30623
A flaw was found in LiteLLM. This vulnerability allows a remote attacker to execute arbitrary operating system commands on the host where LiteLLM is running. This is possible because the application's MCP server creation functionality processes JSON configurations that can include unvalidated...
CVE-2026-30623
LiteLLM 1.18.10 contains a remote code execution vulnerability in its MCP server creation functionality. The application allows users to add MCP servers via a JSON configuration specifying arbitrary command and args values. LiteLLM executes these values on the host without validation, enabling...