CVE-2026-42271 LiteLLM: Authenticated command execution via MCP stdio test endpoints
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...
EUVD-2026-28507
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...
CVE-2026-42271
CVE-2026-42271 affects LiteLLM (proxy AI Gateway) prior to 1.83.7. Two MCP preview endpoints, POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list, accepted a full server configuration in the request body (including command, args, env) and would spawn the supplied command as a subpro...
GHSA-V4P8-MG3P-G94G LiteLLM: Authenticated command execution via MCP stdio test endpoints
Impact Two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio...
PT-2026-37185
Name of the Vulnerable Software and Affected Versions LiteLLM versions 1.74.2 through 1.83.6 Description Two endpoints used to preview an MCP server before saving it, "POST /mcp-rest/test/connection" and "POST /mcp-rest/test/tools/list", accepted a full server configuration in the request body...
CVE-2026-40566
FreeScout (versions before 1.8.213) contains an SSRF in the IMAP/SMTP connection test flow via MailboxesController. The three AJAX actions fetch_test, send_test, and imap_folders pass admin-configured in_server/in_port and out_server/out_port directly to fsockopen and to IMAP/SMTP clients without...
CVE-2026-32662
Development and test API endpoints are present that mirror production functionality...
EUVD-2026-18847
Development and test API endpoints are present that mirror production functionality...
CVE-2026-32662 Gardyn Cloud API Active Debug Code
Development and test API endpoints are present that mirror production functionality...
PT-2026-30215
Development and test API endpoints are present that mirror production functionality...
OpenProject code issue vulnerability
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 contain a code issue: the SMTP test endpoints and Webhooks accepted any host and port value, potentially leading to internal network...
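The FreeScout entry above (connection-test actions passing admin-supplied in_server/in_port and out_server/out_port straight to the socket and mail clients) and this OpenProject entry (SMTP test and Webhooks accepting any host and port) are the same SSRF shape. The block below is an added example, not code from either project: a guard for a "test this mail server" endpoint that resolves the host, refuses loopback, private, link-local and other non-public destinations, restricts the port to mail ports, and returns the vetted address so the caller connects to exactly what was checked. The port list, helper names and sample inputs are assumptions for illustration.

```python
# Added example, not FreeScout or OpenProject code. Helpers and ports are assumed.
import ipaddress
import socket

MAIL_PORTS = frozenset({25, 143, 465, 587, 993})  # assumed allow-list for SMTP/IMAP tests


class UnsafeTarget(ValueError):
    """Raised when a connection test would reach a non-public destination."""


def is_public_ip(ip) -> bool:
    """False for loopback, RFC 1918 / ULA, link-local (which covers cloud
    metadata endpoints such as 169.254.169.254), multicast, reserved and
    unspecified addresses. IPv4-mapped IPv6 addresses are unwrapped first so
    ::ffff:127.0.0.1 is treated as 127.0.0.1."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def vet_mail_target(host: str, port: int, allowed_ports=MAIL_PORTS) -> str:
    """Return the IP literal to connect to, or raise UnsafeTarget.

    Literal addresses are checked without touching DNS. For names, every
    address the name resolves to must be public; if any record points inside,
    the whole target is refused, which also blocks a split-horizon name that
    mixes a public and an internal record."""
    if port not in allowed_ports:
        raise UnsafeTarget(f"port {port} is not an allowed mail port")
    host = host.strip().strip("[]")
    try:
        addrs = [ipaddress.ip_address(host)]
    except ValueError:
        try:
            infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            raise UnsafeTarget(f"cannot resolve {host!r}: {exc}") from None
        addrs = [ipaddress.ip_address(info[4][0]) for info in infos]
    if not addrs:
        raise UnsafeTarget(f"no addresses for {host!r}")
    for ip in addrs:
        if not is_public_ip(ip):
            raise UnsafeTarget(f"{host!r} resolves to non-public address {ip}")
    # Hand back the checked address so the caller connects to it rather than
    # re-resolving the name (a second lookup could return a different answer).
    return str(addrs[0])


def target_allowed(host: str, port: int) -> bool:
    """Predicate form of vet_mail_target for callers that only need yes/no."""
    try:
        vet_mail_target(host, port)
        return True
    except UnsafeTarget:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: a public resolver address, loopback, RFC 1918,
    # link-local metadata, IPv6 loopback and a non-mail port.
    for host, port in [("8.8.8.8", 587), ("127.0.0.1", 25), ("10.20.30.40", 465),
                       ("169.254.169.254", 25), ("[::1]", 143), ("8.8.8.8", 6379)]:
        print(host, port, target_allowed(host, port))
```

Returning the vetted IP and connecting to it directly is what closes the gap between the check and the connection; a guard that validates the name and then lets the mail client resolve it again can still be redirected by a changing DNS answer.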
authentik code injection vulnerability
authentik is an open-source identity provisioning application developed by Authentik. Versions of authentik prior to 2025.8.6, 2025.10.4 and 2025.12.4 contain a code injection vulnerability that allows users with specific permissions to execute arbitrary code through test endpoints...