8 matches found
CVE-2026-12773
A flaw was found in BerriAI litellm, within its MCP Proxy component. A remote attacker could exploit an improper authentication vulnerability in the UserAPIKeyAuth function. This could allow unauthorized access, potentially compromising the confidentiality, integrity, and availability of data...
CVE-2026-12773
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...
CVE-2026-12773
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/experimental/mcpserver/auth/userapikeyauthmcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched...
CVE-2026-12773
Affected software: litellm MCP Proxy (BerriAI) up to version 1.59.8. The vulnerability lies in UserAPIKeyAuth in litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py, where authentication can be bypassed if an invalid token triggers a swallowed 401/403 exception, allowing unauthen...
CVE-2026-12771 BerriAI litellm M2M JWT user_api_key_auth.py improper authorization
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...
EUVD-2026-38137
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/userapikeyauth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is...
CVE-2026-12771
CVE-2026-12771 affects the litellm library by BerriAI up to version 1.82.2, specifically in litellm/proxy/auth/user_api_key_auth.py (M2M JWT Handler). The flaw enables improper authorization via remote exploitation with high attack complexity; public PoC exists. SNYK detaails identify the vulnera...
Insertion of Sensitive Information into Log File
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the userapikeyauthbuilder function, which leaks expired session keys into the authentication error output of other...