Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 9:29 a.m.5 views

CVE-2026-12773

A flaw was found in BerriAI litellm, within its MCP Proxy component. A remote attacker could exploit an improper authentication vulnerability in the UserAPIKeyAuth function. This could allow unauthorized access, potentially compromising the confidentiality, integrity, and availability of data...

9.8CVSS5.8AI score0.00612EPSS
Exploits1References8
NVD
NVD
added 2026/06/21 4:16 a.m.15 views

CVE-2026-12773

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

9.8CVSS0.00612EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/06/21 3:15 a.m.8 views

CVE-2026-12773

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...

7.5CVSS6.7AI score0.00612EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/06/21 3:15 a.m.79 views

CVE-2026-12773

Affected software: litellm MCP Proxy (BerriAI) up to version 1.59.8. The vulnerability lies in UserAPIKeyAuth in litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py, where authentication can be bypassed if an invalid token triggers a swallowed 401/403 exception, allowing unauthen...

9.8CVSS6.7AI score0.00612EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2026/06/21 1:0 a.m.35 views

CVE-2026-12771 BerriAI litellm M2M JWT user_api_key_auth.py improper authorization

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...

5CVSS0.00288EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/21 1:0 a.m.10 views

EUVD-2026-38137

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...

5CVSS5.3AI score0.00288EPSS
Exploits1References5
CVE
CVE
added 2026/06/21 1:0 a.m.25 views

CVE-2026-12771

CVE-2026-12771 affects the litellm library by BerriAI up to version 1.82.2, specifically in litellm/proxy/auth/user_api_key_auth.py (M2M JWT Handler). The flaw enables improper authorization via remote exploitation with high attack complexity; public PoC exists. SNYK detaails identify the vulnera...

7.5CVSS5.3AI score0.00288EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/02/01 6:34 a.m.5 views

Insertion of Sensitive Information into Log File

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the userapikeyauthbuilder function, which leaks expired session keys into the authentication error output of other...

5.3CVSS5.5AI score
Exploits0References3
Rows per page
Query Builder