CVE-2026-35030 LiteLLM has an authentication bypass via OIDC userinfo cache key collision

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.83.0, when JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20...

User Impersonation

Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to User Impersonation in the getoidcuserinfo function. An attacker can gain unauthorized access to another user's identity and permissions by crafting a token with the same...

GHSA-JJHC-V7C2-5HH6 LiteLLM: Authentication bypass via OIDC userinfo cache key collision

Impact When JWT authentication is enabled enablejwtauth: true, the OIDC userinfo cache uses token:20 as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. A...

PT-2026-30279

Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.0 Description A critical authentication bypass can occur in LiteLLM when JWT authentication is enabled, due to an OIDC userinfo cache key collision. The OIDC userinfo cache uses the first 20 characters of the tok...