CVE-2026-42203
A flaw was found in LiteLLM, an AI Gateway. An authenticated user could exploit this by sending a crafted prompt template to the POST /prompts/test endpoint. The endpoint rendered user-supplied prompt templates without proper sandboxing. This could lead to arbitrary code execution within the...
Remote Code Execution (RCE)
LiteLLM is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe rendering of user-supplied prompt templates in the POST /prompts/test endpoint without sandboxing, allowing authenticated users to execute arbitrary code within the LiteLLM Proxy process and potentially access...
CVE-2026-42203 LiteLLM: Server-Side Template Injection in /prompts/test endpoint
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the...
CVE-2026-42203
LiteLLM (proxy server) is affected from version 1.80.5 up to before 1.83.7 due to Server-Side Template Injection in the POST /prompts/test endpoint. The endpoint renders user-supplied prompt templates without sandboxing, enabling arbitrary code execution inside the LiteLLM Proxy process when auth...
EUVD-2026-28502
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the...
LiteLLM Security Vulnerability
LiteLLM is an open-source application developed by Berri AI. It allows for the invocation of all LLM APIs in the OpenAI format. Versions of LiteLLM from 1.80.5 to 1.83.7 contained a security vulnerability. This vulnerability stemmed from the POST /prompts/test endpoint accepting user-provided...
Improper Neutralization of Special Elements Used in a Template Engine
Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the POST /prompts/test endpoint, which accepts user-supplied prompt templates and renders them...
LiteLLM: Server-Side Template Injection in /prompts/test endpoint
Impact: The POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any authenticated user cou...
GHSA-XQMJ-J6MV-4862 LiteLLM: Server-Side Template Injection in /prompts/test endpoint
Impact: The POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any authenticated user cou...
EUVD-2025-111189
Malicious code in meteor-pulsar-prompts-test npm...