Lucene search
K

31 matches found

RedhatCVE
RedhatCVE
added 2026/06/29 5:7 a.m.9 views

CVE-2026-12772

A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the authenticateuser function within the PROXYADMIN database API Key Generator component. By performing a specific manipulation, an attacker can cause session expiration for users, leading to a denial of servi...

6.5CVSS6.5AI score0.00262EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/06/25 6:44 p.m.9 views

CVE-2026-47102

A flaw was found in LiteLLM. A user with access to the /user/update endpoint can exploit a privilege escalation vulnerability. By modifying their own userrole to proxyadmin, an attacker can gain full administrative access to LiteLLM, including control over all users, teams, keys, models, and prom...

8.8CVSS6AI score0.00653EPSS
Exploits2References10
NVD
NVD
added 2026/06/21 3:16 a.m.18 views

CVE-2026-12772

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS0.00262EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/21 2:0 a.m.39 views

CVE-2026-12772 BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS0.00262EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 2:0 a.m.7 views

CVE-2026-12772

A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...

6.5CVSS6.2AI score0.00262EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.24 views

PT-2026-51196

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description A security flaw exists in the PROXY ADMIN database API Key Generator component within the authenticate user function of the litellm/proxy/auth/login utils.py file. A remote attacker can...

6.5CVSS6.6AI score0.00262EPSS
Exploits1References12
GithubExploit
GithubExploit
added 2026/05/25 1:37 p.m.163 views

Exploit for CVE-2026-47102

CVE-2026-47102 – LiteLLM Privilege Escalation via /user/updat...

8.8CVSS5.7AI score0.00739EPSS
Exploits4
GithubExploit
GithubExploit
added 2026/05/25 9:10 a.m.111 views

Exploit for CVE-2026-47101

CVE-2026-47101 — LiteLLM Privilege Escalation via /key/genera...

8.8CVSS5.8AI score0.00739EPSS
Exploits3
Github Security Blog
Github Security Blog
added 2026/05/21 9:30 p.m.6 views

LiteLLM allows a user to modify their own user_role via the /user/update endpoint

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS6.1AI score0.00653EPSS
Exploits2References10Affected Software1
NVD
NVD
added 2026/05/21 9:16 p.m.13 views

CVE-2026-47102

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS0.00653EPSS
Exploits2References11
Cvelist
Cvelist
added 2026/05/21 8:34 p.m.34 views

CVE-2026-47102 LiteLLM < 1.83.10 Privilege Escalation via User Update

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS0.00653EPSS
Exploits2References8
Vulnrichment
Vulnrichment
added 2026/05/21 8:34 p.m.9 views

CVE-2026-47102 LiteLLM < 1.83.10 Privilege Escalation via User Update

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS5.8AI score0.00653EPSS
Exploits2References8
EUVD
EUVD
added 2026/05/21 8:34 p.m.9 views

EUVD-2026-31345

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS5.8AI score0.00653EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:34 p.m.9 views

CVE-2026-47102

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS5.8AI score0.00653EPSS
Exploits2References8
CVE
CVE
added 2026/05/21 8:34 p.m.47 views

CVE-2026-47102

LiteLLM is affected up to version 1.83.10. A vulnerability in the /user/update endpoint allows a user to modify their own user_role, potentially elevating to proxy_admin and gaining full administrative access to LiteLLM (including users, teams, keys, models, and prompt history). The flaw arises b...

8.8CVSS5.8AI score0.00653EPSS
Exploits2References11Affected Software1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

LiteLLM 安全漏洞

LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Prior to version 1.83.10, LiteLLM had a security vulnerability. This vulnerability stemmed from the lack of restrictions on the fields that could be modified by the /user and /update...

8.8CVSS5.8AI score0.00653EPSS
Exploits2References1
NCSC
NCSC
added 2026/05/11 6:38 a.m.26 views

vulnerabilities handled in LiteLLM by BerriAI

BerriAI has addressed vulnerabilities in LiteLLM, specifically in versions 1.74.2 to 1.83.6. LiteLLM is a widely used proxy for managing APIs to a large number of LLM systems in a centralized manner. The first vulnerability involves an SQL injection in the proxy API key verification mechanism,...

9.8CVSS6.4AI score0.86607EPSS
Exploits9References2
OSV
OSV
added 2026/04/25 11:27 p.m.67 views

GHSA-V4P8-MG3P-G94G LiteLLM: Authenticated command execution via MCP stdio test endpoints

Impact Two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio...

8.8CVSS6AI score0.80188EPSS
Exploits2References5
OSV
OSV
added 2026/04/03 9:59 p.m.6 views

GHSA-53MR-6C8Q-9789 LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint

Impact The /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following: - Modify proxy configuration and environment variables - Register custom pass-through endpoint handlers pointing to...

8.7CVSS6.3AI score0.26409EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.24 views

PT-2026-42539

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.10 Description An issue exists where the '/user/update' endpoint does not restrict which fields a user can modify when updating their own account. This allows a user to change their user role to proxy admin,...

9CVSS5.3AI score0.00653EPSS
Exploits2References23
Rows per page
Query Builder