
307 matches found

OSV
added 6 hours ago, 1 view

ROOT-APP-PYPI-CVE-2026-0000 CVE-2026-0000 in rootio-litellm - Patched by Root

Root has patched CVE-2026-0000 in the rootio-litellm package for Root:PyPI. Multiple fixed versions available...

AI score 5.9
Exploits: 0

Nuclei
added 16 hours ago, 2 views

LiteLLM - Command Injection

A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...

CVSS 8.8, AI score 6.6, EPSS 0.00045
Exploits: 3, References: 4

Nuclei
added 16 hours ago, 12 views

LiteLLM - Arbitrary File Read

LiteLLM 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts. id: CVE-2026-35029 info: name: LiteLLM - Arbitrary File Read...

CVSS 8.8, AI score 5.9, EPSS 0.24264
Exploits: 2, References: 3

Nuclei
added 16 hours ago, 6 views

LiteLLM - SQL Injection

LiteLLM 1.81.16 to 1.83.7 contains a SQL injection caused by improper handling of caller-supplied key in database query during proxy API key checks, letting unauthenticated attackers read and modify database data, exploit requires crafted Authorization header. id: CVE-2026-42208 info: name: LiteL...

CVSS 9.8, AI score 6.1, EPSS 0.56947
Exploits: 5, References: 3

Nuclei
added yesterday, 64 views

LiteLLM - Server-Side Request Forgery

LiteLLM vulnerable to Server-Side Request Forgery SSRF vulnerability Exposes OpenAI API Keys. id: CVE-2024-6587 info: name: LiteLLM - Server-Side Request Forgery author: pdresearch,iamnoooob,rootxharsh,lambdasawa severity: high description: | LiteLLM vulnerable to Server-Side Request Forgery SSRF...

CVSS 7.5, AI score 7.3, EPSS 0.88631
Exploits: 1, References: 2

GithubExploit
added 2026/05/25 1:37 p.m., 101 views

Exploit for CVE-2026-47102

CVE-2026-47102 – LiteLLM Privilege Escalation via /user/updat...

CVSS 8.8, AI score 5.7, EPSS 0.0006
Exploits: 4

GithubExploit
added 2026/05/25 9:10 a.m., 46 views

Exploit for CVE-2026-47101

CVE-2026-47101 — LiteLLM Privilege Escalation via /key/genera...

CVSS 8.8, AI score 5.8, EPSS 0.00051
Exploits: 3

Snyk
added 2026/05/21 11:46 p.m., 8 views

Incorrect Authorization

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Incorrect Authorization via the allowed_routes field during API key generation. An attacker can gain unauthorized access to restricted routes by specifying routes outside...

CVSS 8.8, AI score 5.8, EPSS 0.00051
Exploits: 3, References: 2

NVD
added 2026/05/21 9:16 p.m., 4 views

CVE-2026-47102

LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin...

CVSS 8.8, EPSS 0.0006
Exploits: 2, References: 7

NVD
added 2026/05/21 9:16 p.m., 8 views

CVE-2026-47101

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

CVSS 8.8, EPSS 0.00051
Exploits: 3, References: 7

Vulnrichment
added 2026/05/21 8:34 p.m., 2 views

CVE-2026-47102 LiteLLM < 1.83.10 Privilege Escalation via User Update

LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin...

CVSS 8.8, AI score 5.8, EPSS 0.0006
Exploits: 2, References: 7

ATTACKERKB
added 2026/05/21 8:33 p.m., 5 views

CVE-2026-47101

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

CVSS 8.8, AI score 5.8, EPSS 0.00051
Exploits: 3, References: 8

Cvelist
added 2026/05/21 8:33 p.m., 22 views

CVE-2026-47101 LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with...

CVSS 8.8, EPSS 0.00051
Exploits: 3, References: 7

Positive Technologies
added 2026/05/21 12:0 a.m., 10 views

PT-2026-42539

LiteLLM prior to 1.83.10 allows a user to modify their own user role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy...

CVSS 8.8, AI score 5.8, EPSS 0.0006
Exploits: 2, References: 9

GithubExploit
added 2026/05/19 1:19 p.m., 55 views

Exploit for Unprotected Alternate Channel in Litellm

CVE-2026-40217 — LiteLLM Guardrail Sandbox Escape LiteLLM...

CVSS 8.8, AI score 6, EPSS 0.00098
Exploits: 2

GithubExploit
added 2026/05/19 12:13 p.m., 54 views

Exploit for Improper Authentication in Litellm

CVE-2026-35030 — LiteLLM Authentication Bypass via OIDC Userin...

CVSS 9.4, AI score 5.8, EPSS 0.00048
Exploits: 1

GithubExploit
added 2026/05/19 8:8 a.m., 53 views

Exploit for Incorrect Authorization in Litellm

CVE-2026-35029 – LiteLLM /config/update privilege escalation...

CVSS 8.8, AI score 6, EPSS 0.24264
Exploits: 2

GithubExploit
added 2026/05/19 3:21 a.m., 62 views

Exploit for SQL Injection in Litellm

CVE-2025-45809 – LiteLLM SQL Injection via /key/block Time-...

CVSS 5.4, AI score 5.9, EPSS 0.00229
Exploits: 2

RedhatCVE
added 2026/05/13 12:43 p.m., 9 views

CVE-2026-42203

A flaw was found in LiteLLM, an AI Gateway. An authenticated user could exploit this by sending a crafted prompt template to the POST /prompts/test endpoint. The endpoint rendered user-supplied prompt templates without proper sandboxing. This could lead to arbitrary code execution within the...

CVSS 8.8, AI score 6.2, EPSS 0.00058
Exploits: 1, References: 5

vulnersOsv
added 2026/05/11 4:17 p.m., 5 views

0xpwn (=0.1.1), a-simple-llm-kit (>=0.3.0 <=0.4.2) +711 more potentially affected by CVE-2026-40217 via litellm (>=1.81.8 <=1.83.1)

litellm PYPI version =1.81.8, =0.3.0, =0.0.1a0, =0.6.0, =0.7.3, =0.1.0, =0.1.1, =0.4.0, =0.4.3 and more Source cves: CVE-2026-40217 Source advisory: OSV:GHSA-WXXX-GVQV-XP7P...

CVSS 8.8, AI score 5.8, EPSS 0.00098
Exploits: 2