Lucene search
K

5 matches found

NVD
NVD
added 2026/06/22 9:16 p.m.12 views

CVE-2026-49468

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from...

9.8CVSS0.00559EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.14 views

PT-2026-50152

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.84.0 Description A Host-header parsing flaw in the LiteLLM proxy allows unauthenticated access to protected management routes. The authentication layer derives the effective route from request.url.path in the get...

9.8CVSS5.8AI score0.00559EPSS
Exploits1References16
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.14 views

CVE-2026-42271

A flaw was found in LiteLLM, a proxy server AI Gateway for Large Language Model LLM APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user...

8.8CVSS5.8AI score0.80188EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.23 views

PT-2026-45209

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An out-of-bounds read can occur in the iavb parse key data function within avb rsa.c due to improper input validation. This issue allows for local information...

3.3CVSS5.5AI score0.00069EPSS
Exploits0References6
CVE
CVE
added 2026/05/08 3:38 a.m.405 views

CVE-2026-42208

LiteLLM proxy (AI Gateway) versions 1.81.16–1.83.6 suffer a SQL injection in the proxy API key verification path where the caller-supplied key is interpolated into a SQL query during error handling. An unauthenticated attacker can send a crafted Authorization header to LLM routes (e.g., POST /cha...

9.8CVSS6AI score0.86607EPSS
In wildExploits7References6Affected Software1
Rows per page
Query Builder