10 matches found
EUVD-2026-38138
A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticateuser of the file litellm/proxy/auth/loginutils.py of the component PROXYADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated...
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command...
Incorrect Authorization
Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to Incorrect Authorization via the /user/update endpoint. An attacker can gain full administrative access by modifying their own user_role field to proxy_admin to escalate...
GHSA-WPFP-GWWC-VWQ6 LiteLLM allows a user to modify their own user_role via the /user/update endpoint
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin...
LiteLLM: Authenticated command execution via MCP stdio test endpoints
Impact: Two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio...
EUVD-2023-36522
Malicious code in bioql PyPI...
CVE-2023-32268
Exposure of Proxy Administrator Credentials: An authenticated administrator-equivalent Filr user can access the credentials of proxy administrators...
CVE-2023-32268
Exposure of Proxy Administrator Credentials: An authenticated administrator-equivalent Filr user can access the credentials of proxy administrators...
CVE-2023-32268
Exposure of Proxy Administrator Credentials: An authenticated administrator-equivalent Filr user can access the credentials of proxy administrators...
Default credentials
Exposure of Proxy Administrator Credentials: An authenticated administrator-equivalent Filr user can access the credentials of proxy administrators...