42 matches found
CVE-2026-59820
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whos...
CVE-2026-59820 LiteLLM: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whos...
LiteLLM 1.74.2 < 1.83.7 Command Injection Vulnerability (GHSA-v4p8-mg3p-g94g)
The version of the LiteLLM Python package installed on the remote host is 1.74.2 before 1.83.7. It is, therefore, affected by a vulnerability: - From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it â POST /mcp-rest/test/connection and POST...
PYSEC-2026-390 LiteLLM: Authentication bypass via OIDC userinfo cache key collision
Impact When JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...
CVE-2026-47102
A flaw was found in LiteLLM. A user with access to the /user/update endpoint can exploit a privilege escalation vulnerability. By modifying their own userrole to proxyadmin, an attacker can gain full administrative access to LiteLLM, including control over all users, teams, keys, models, and prom...
CVE-2026-49468
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from...
CVE-2026-49468 LiteLLM: Authentication Bypass via Host Header Injection
LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from...
CVE-2026-49468
LiteLLM is a proxy server (AI Gateway) for calling LLM APIs. A host-header parsing flaw could allow authentication bypass by making the auth gate evaluate a different route than dispatched, effectively bypassing access controls under specific conditions. The issue is mitigated by upgrading to 1.8...
PT-2026-50152
Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.84.0 Description A Host-header parsing flaw in the LiteLLM proxy allows unauthenticated access to protected management routes. The authentication layer derives the effective route from request.url.path in the get...
CVE-2026-42271
A flaw was found in LiteLLM, a proxy server AI Gateway for Large Language Model LLM APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user...
PT-2026-45209
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An out-of-bounds read can occur in the iavb parse key data function within avb rsa.c due to improper input validation. This issue allows for local information...
Exploit for SQL Injection in Litellm
CVE-2026-42208 — LiteLLM Pre-Authentication SQL Injection A l...
CVE-2026-47102 LiteLLM < 1.83.10 Privilege Escalation via User Update
LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...
CVE-2026-47102
LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...
EUVD-2026-31346
LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...
CVE-2026-47101 LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
LiteLLM prior to 1.83.14 allows an authenticated internaluser to create API keys with access to routes that their role does not permit. When generating a key, the allowedroutes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...
LiteLLM 安全漏洞
LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Versions of LiteLLM prior to 1.83.14 contained a security vulnerability. This vulnerability stemmed from the lack of verification of whether the allowedroutes field was within the user’s...
LiteLLM 安全漏洞
LiteLLM is an open-source application developed by Berri AI. It can utilize all LLM APIs in the OpenAI format. Prior to version 1.83.10, LiteLLM had a security vulnerability. This vulnerability stemmed from the lack of restrictions on the fields that could be modified by the /user and /update...
Exploit for Command Injection in Litellm
CVE-2026-42271 — LiteLLM Authenticated Command Injection via M...
Exploit for CVE-2025-11203
CVE-2025-11203 – LiteLLM Health Endpoint APIKEY Information D...