Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    78 vulnerabilities by berriai

    CVE-2026-59822 (GCVE-0-2026-59822)

    Vulnerability from nvd – Published: 2026-07-08 19:32 – Updated: 2026-07-09 14:31
    VLAI
    Title
    LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, LiteLLM's MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key validation with an empty UserAPIKeyAuth() object, allowing requests to reach MCP tooling without a valid LiteLLM key. This issue is fixed in version 1.84.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: < 1.84.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59822",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:31:02.315980Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:31:08.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.84.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, LiteLLM\u0027s MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key validation with an empty UserAPIKeyAuth() object, allowing requests to reach MCP tooling without a valid LiteLLM key. This issue is fixed in version 1.84.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:32:18.611Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-7488-6r32-c95q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-7488-6r32-c95q"
            },
            {
              "name": "https://github.com/BerriAI/litellm/pull/26463",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/pull/26463"
            },
            {
              "name": "https://github.com/BerriAI/litellm/commit/73869f0faf7d11ee21adcb5f91b8c33a340b6c2c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/commit/73869f0faf7d11ee21adcb5f91b8c33a340b6c2c"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0"
            }
          ],
          "source": {
            "advisory": "GHSA-7488-6r32-c95q",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59822",
        "datePublished": "2026-07-08T19:32:18.611Z",
        "dateReserved": "2026-07-07T15:00:50.978Z",
        "dateUpdated": "2026-07-09T14:31:08.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59821 (GCVE-0-2026-59821)

    Vulnerability from nvd – Published: 2026-07-08 19:14 – Updated: 2026-07-09 14:38
    VLAI
    Title
    LiteLLM: Custom Code Guardrails production endpoints bypass code safety checks
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to create or update guardrails to submit custom Python code that executed in the LiteLLM proxy environment and could expose secrets available to the process. This issue is fixed in version 1.82.0-stable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: < 1.82.0-stable
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59821",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:38:04.002799Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:38:09.991Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.82.0-stable"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.82.0-stable, LiteLLM\u0027s Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to create or update guardrails to submit custom Python code that executed in the LiteLLM proxy environment and could expose secrets available to the process. This issue is fixed in version 1.82.0-stable."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:14:13.265Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-72m8-9m7m-h278",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-72m8-9m7m-h278"
            },
            {
              "name": "https://github.com/BerriAI/litellm/commit/e50b4486d0f7aa0497185a1ebcdd2c91f1769eba",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/commit/e50b4486d0f7aa0497185a1ebcdd2c91f1769eba"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.82.0-stable",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.82.0-stable"
            }
          ],
          "source": {
            "advisory": "GHSA-72m8-9m7m-h278",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: Custom Code Guardrails production endpoints bypass code safety checks"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59821",
        "datePublished": "2026-07-08T19:14:13.265Z",
        "dateReserved": "2026-07-07T15:00:50.978Z",
        "dateUpdated": "2026-07-09T14:38:09.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59820 (GCVE-0-2026-59820)

    Vulnerability from nvd – Published: 2026-07-08 19:32 – Updated: 2026-07-09 14:37
    VLAI
    Title
    LiteLLM: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whose allowed_routes includes /v1/skills, anthropic_routes, or llm_api_routes to upload a crafted skill archive containing path traversal entries that could be written outside the intended extraction or staging directory. This issue is fixed in version 1.83.7-stable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: < 1.83.7-stable
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59820",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:36:59.709906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:37:09.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.83.7-stable"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whose allowed_routes includes /v1/skills, anthropic_routes, or llm_api_routes to upload a crafted skill archive containing path traversal entries that could be written outside the intended extraction or staging directory. This issue is fixed in version 1.83.7-stable."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:32:11.739Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-5jmr-gcrj-2c9q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-5jmr-gcrj-2c9q"
            },
            {
              "name": "https://github.com/BerriAI/litellm/pull/25475",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/pull/25475"
            },
            {
              "name": "https://github.com/BerriAI/litellm/commit/6a15adcd64137d37f73dee76dfe7481f8c2d9196",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/commit/6a15adcd64137d37f73dee76dfe7481f8c2d9196"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable"
            }
          ],
          "source": {
            "advisory": "GHSA-5jmr-gcrj-2c9q",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59820",
        "datePublished": "2026-07-08T19:32:11.739Z",
        "dateReserved": "2026-07-07T15:00:50.978Z",
        "dateUpdated": "2026-07-09T14:37:09.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59819 (GCVE-0-2026-59819)

    Vulnerability from nvd – Published: 2026-07-08 19:33 – Updated: 2026-07-09 14:30
    VLAI
    Title
    LiteLLM: Local file read via request-supplied OIDC file references
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.10-stable, LiteLLM's /health/test_connection endpoint resolved request-supplied environment and OIDC file references in litellm_params, allowing a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. This issue is fixed in version 1.83.10-stable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: < 1.83.10-stable
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59819",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:30:04.946174Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:30:14.779Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.83.10-stable"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.10-stable, LiteLLM\u0027s /health/test_connection endpoint resolved request-supplied environment and OIDC file references in litellm_params, allowing a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. This issue is fixed in version 1.83.10-stable."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:33:32.816Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-4g5m-c9r5-49xf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-4g5m-c9r5-49xf"
            },
            {
              "name": "https://github.com/BerriAI/litellm/pull/25592",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/pull/25592"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.83.10-stable",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.83.10-stable"
            }
          ],
          "source": {
            "advisory": "GHSA-4g5m-c9r5-49xf",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: Local file read via request-supplied OIDC file references"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59819",
        "datePublished": "2026-07-08T19:33:32.816Z",
        "dateReserved": "2026-07-07T15:00:50.978Z",
        "dateUpdated": "2026-07-09T14:30:14.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49468 (GCVE-0-2026-49468)

    Vulnerability from nvd – Published: 2026-06-22 20:37 – Updated: 2026-07-08 19:32
    VLAI
    Title
    LiteLLM: Authentication Bypass via Host Header Injection
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/auth_utils.py::get_request_route(), which Starlette reconstructs from the Host header. A crafted Host could therefore make the auth gate evaluate a different route from the one FastAPI dispatched. This vulnerability is fixed in 1.84.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49468",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:03.985Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:exploit_intelligence:0"
                ],
                "defaultStatus": "affected",
                "product": "Exploit Intelligence",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-22T20:37:14.494Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in LiteLLM, a proxy server (AI Gateway) used to call Large Language Model (LLM) APIs. A remote attacker could exploit a Host-header parsing vulnerability in the proxy authentication layer. By sending a crafted Host header, an attacker could gain unauthenticated access to protected management routes, potentially leading to full system compromise."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-290",
                    "description": "Authentication Bypass by Spoofing",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:09:55.893Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-49468"
              },
              {
                "name": "RHBZ#2491520",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491520"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49468.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-22T21:01:03.552Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-22T20:37:14.494Z",
                "value": "Made public."
              }
            ],
            "title": "litellm: LiteLLM: Authentication Bypass via Host Header Injection",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate the risk of unauthenticated access, restrict network access to the LiteLLM proxy\u0027s management routes. Configure network firewalls or security groups to permit inbound connections only from trusted internal networks. This operational control limits the exposure of vulnerable endpoints to unauthorized external access. If the LiteLLM proxy is deployed behind a load balancer or API gateway, ensure these components are configured to strictly validate and sanitize the HTTP Host header before forwarding requests."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.84.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/auth_utils.py::get_request_route(), which Starlette reconstructs from the Host header. A crafted Host could therefore make the auth gate evaluate a different route from the one FastAPI dispatched. This vulnerability is fixed in 1.84.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290: Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:32:42.245Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-4xpc-pv4p-pm3w",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-4xpc-pv4p-pm3w"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0"
            }
          ],
          "source": {
            "advisory": "GHSA-4xpc-pv4p-pm3w",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: Authentication Bypass via Host Header Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-49468",
        "datePublished": "2026-06-22T20:37:14.494Z",
        "dateReserved": "2026-05-30T04:17:43.094Z",
        "dateUpdated": "2026-07-08T19:32:42.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12799 (GCVE-0-2026-12799)

    Vulnerability from nvd – Published: 2026-06-21 10:00 – Updated: 2026-06-22 16:17
    VLAI
    Title
    BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization
    Summary
    A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372561 vdb-entrytechnical-description
    https://vuldb.com/vuln/372561/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12799 third-party-advisory
    https://vuldb.com/submit/811291 third-party-advisory
    https://gist.github.com/YLChen-007/3ace22e33e468d… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-d (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12799",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:16:34.425795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:17:02.857Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/811291"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Incomplete Fix CVE-2025-0628"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-d (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T10:00:08.928Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372561 | BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372561"
            },
            {
              "name": "VDB-372561 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372561/cti"
            },
            {
              "name": "CVE-2026-12799 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12799"
            },
            {
              "name": "Submit #811291 | litellm \u003c= 1.82.2 Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811291"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/3ace22e33e468d0166fe609c9fdf4184"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T19:17:42.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12799",
        "datePublished": "2026-06-21T10:00:08.928Z",
        "dateReserved": "2026-06-20T17:12:23.228Z",
        "dateUpdated": "2026-06-22T16:17:02.857Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12798 (GCVE-0-2026-12798)

    Vulnerability from nvd – Published: 2026-06-21 09:30 – Updated: 2026-06-22 17:14
    VLAI
    Title
    BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery
    Summary
    A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument spec_path causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372560 vdb-entrytechnical-description
    https://vuldb.com/vuln/372560/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12798 third-party-advisory
    https://vuldb.com/submit/811290 third-party-advisory
    https://gist.github.com/YLChen-007/c1104c52997569… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12798",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:14:11.598867Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T17:14:45.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "MCP OpenAPI Spec Loader"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument spec_path causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T09:30:08.242Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372560 | BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372560"
            },
            {
              "name": "VDB-372560 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372560/cti"
            },
            {
              "name": "CVE-2026-12798 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12798"
            },
            {
              "name": "Submit #811290 | litellm latest Server-Side Request Forgery (SSRF) (CWE-918)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811290"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/c1104c529975699ba347feedfbe02c5a"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T19:17:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12798",
        "datePublished": "2026-06-21T09:30:08.242Z",
        "dateReserved": "2026-06-20T17:12:20.743Z",
        "dateUpdated": "2026-06-22T17:14:45.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12797 (GCVE-0-2026-12797)

    Vulnerability from nvd – Published: 2026-06-21 09:15 – Updated: 2026-06-22 13:35
    VLAI
    Title
    BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization
    Summary
    A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372559 vdb-entrytechnical-description
    https://vuldb.com/vuln/372559/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12797 third-party-advisory
    https://vuldb.com/submit/811288 third-party-advisory
    https://gist.github.com/YLChen-007/078179224f07cc… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
    Affected: 1.82.3
    Affected: 1.82.4
    Affected: 1.82.5
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12797",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T13:35:34.363730Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T13:35:44.784Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Completions Interface"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                },
                {
                  "status": "affected",
                  "version": "1.82.3"
                },
                {
                  "status": "affected",
                  "version": "1.82.4"
                },
                {
                  "status": "affected",
                  "version": "1.82.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T09:15:08.592Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372559 | BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372559"
            },
            {
              "name": "VDB-372559 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372559/cti"
            },
            {
              "name": "CVE-2026-12797 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12797"
            },
            {
              "name": "Submit #811288 | litellm \u003c= 1.82.5 Incorrect Authorization (CWE-863)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811288"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/078179224f07cc4e39e4f141a18c817a"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T19:17:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12797",
        "datePublished": "2026-06-21T09:15:08.592Z",
        "dateReserved": "2026-06-20T17:12:18.055Z",
        "dateUpdated": "2026-06-22T13:35:44.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12796 (GCVE-0-2026-12796)

    Vulnerability from nvd – Published: 2026-06-21 09:00 – Updated: 2026-06-22 18:12
    VLAI
    Title
    BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration
    Summary
    A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372558 vdb-entrytechnical-description
    https://vuldb.com/vuln/372558/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12796 third-party-advisory
    https://vuldb.com/submit/811287 third-party-advisory
    https://gist.github.com/YLChen-007/5fa8af12e1b183… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12796",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T18:07:39.063864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T18:12:18.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "SSO Authentication Flow"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T09:00:09.028Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372558 | BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372558"
            },
            {
              "name": "VDB-372558 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372558/cti"
            },
            {
              "name": "CVE-2026-12796 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12796"
            },
            {
              "name": "Submit #811287 | litellm \u003c= 1.82.2 Insufficient Session Expiration (CWE-613)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811287"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/5fa8af12e1b183674d7ca96d852fb697"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T19:17:33.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12796",
        "datePublished": "2026-06-21T09:00:09.028Z",
        "dateReserved": "2026-06-20T17:12:15.581Z",
        "dateUpdated": "2026-06-22T18:12:18.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12795 (GCVE-0-2026-12795)

    Vulnerability from nvd – Published: 2026-06-21 08:30 – Updated: 2026-06-23 02:45
    VLAI
    Title
    BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication
    Summary
    A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372557 vdb-entrytechnical-description
    https://vuldb.com/vuln/372557/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12795 third-party-advisory
    https://vuldb.com/submit/811286 third-party-advisory
    https://gist.github.com/YLChen-007/9b13c75a3a7318… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12795",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T02:44:53.768634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T02:45:05.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "SSO Debug Flow"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T08:30:07.820Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372557 | BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372557"
            },
            {
              "name": "VDB-372557 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372557/cti"
            },
            {
              "name": "CVE-2026-12795 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12795"
            },
            {
              "name": "Submit #811286 | litellm \u003c= 1.82.2 Missing Authentication for Critical Function (CWE-306)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811286"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/9b13c75a3a73187a4082cc6df0b100d3"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T19:17:30.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12795",
        "datePublished": "2026-06-21T08:30:07.820Z",
        "dateReserved": "2026-06-20T17:12:12.975Z",
        "dateUpdated": "2026-06-23T02:45:05.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12774 (GCVE-0-2026-12774)

    Vulnerability from nvd – Published: 2026-06-21 03:45 – Updated: 2026-06-22 10:57
    VLAI
    Title
    BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery
    Summary
    A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372516 vdb-entrytechnical-description
    https://vuldb.com/vuln/372516/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12774 third-party-advisory
    https://vuldb.com/submit/811285 third-party-advisory
    https://gist.github.com/YLChen-007/256c8ff0750e29… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12774",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T10:57:26.092177Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T10:57:42.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "MCP Server Connection Testing"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T03:45:06.835Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372516 | BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372516"
            },
            {
              "name": "VDB-372516 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372516/cti"
            },
            {
              "name": "CVE-2026-12774 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12774"
            },
            {
              "name": "Submit #811285 | litellm \u003c= 1.82.2 Server-Side Request Forgery (SSRF) (CWE-918)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811285"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/256c8ff0750e298f89b6b287c90c2981"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T11:31:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12774",
        "datePublished": "2026-06-21T03:45:06.835Z",
        "dateReserved": "2026-06-20T09:26:29.098Z",
        "dateUpdated": "2026-06-22T10:57:42.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12773 (GCVE-0-2026-12773)

    Vulnerability from nvd – Published: 2026-06-21 03:15 – Updated: 2026-06-30 12:06
    VLAI
    Title
    BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication
    Summary
    A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    • CWE-303 - Incorrect Implementation of Authentication Algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.59.0
    Affected: 1.59.1
    Affected: 1.59.2
    Affected: 1.59.3
    Affected: 1.59.4
    Affected: 1.59.5
    Affected: 1.59.6
    Affected: 1.59.7
    Affected: 1.59.8
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Red Hat Exploit Intelligence     cpe:/a:redhat:exploit_intelligence:0
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12773",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:55:49.325110Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T17:56:03.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/811282"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:exploit_intelligence:0"
                ],
                "defaultStatus": "affected",
                "product": "Exploit Intelligence",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-21T03:15:08.647Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in BerriAI litellm, within its MCP Proxy component. A remote attacker could exploit an improper authentication vulnerability in the UserAPIKeyAuth function. This could allow unauthorized access, potentially compromising the confidentiality, integrity, and availability of data within the system."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-303",
                    "description": "Incorrect Implementation of Authentication Algorithm",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:53.325Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-12773"
              },
              {
                "name": "RHBZ#2491112",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491112"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12773.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-21T04:00:49.686Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-21T03:15:08.647Z",
                "value": "Made public."
              }
            ],
            "title": "litellm: BerriAI litellm: Improper authentication in MCP Proxy via UserAPIKeyAuth function",
            "workarounds": [
              {
                "lang": "en",
                "value": "Upgrade to litellm 1.81.16 or later. As a workaround, do not configure backend MCP servers with allow_all_keys: true, and restrict network access to the LiteLLM MCP proxy endpoints."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "MCP Proxy"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.59.0"
                },
                {
                  "status": "affected",
                  "version": "1.59.1"
                },
                {
                  "status": "affected",
                  "version": "1.59.2"
                },
                {
                  "status": "affected",
                  "version": "1.59.3"
                },
                {
                  "status": "affected",
                  "version": "1.59.4"
                },
                {
                  "status": "affected",
                  "version": "1.59.5"
                },
                {
                  "status": "affected",
                  "version": "1.59.6"
                },
                {
                  "status": "affected",
                  "version": "1.59.7"
                },
                {
                  "status": "affected",
                  "version": "1.59.8"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T03:15:08.647Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372515 | BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372515"
            },
            {
              "name": "VDB-372515 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372515/cti"
            },
            {
              "name": "CVE-2026-12773 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12773"
            },
            {
              "name": "Submit #811282 | litellm \u003c= 1.59.8 Improper Authentication (CWE-287)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811282"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/3cfaad10a69d7a15e4d4d458cb53309e"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T11:31:42.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12773",
        "datePublished": "2026-06-21T03:15:08.647Z",
        "dateReserved": "2026-06-20T09:26:26.143Z",
        "dateUpdated": "2026-06-30T12:06:53.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12772 (GCVE-0-2026-12772)

    Vulnerability from nvd – Published: 2026-06-21 02:00 – Updated: 2026-06-22 17:20
    VLAI
    Title
    BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration
    Summary
    A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372514 vdb-entrytechnical-description
    https://vuldb.com/vuln/372514/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12772 third-party-advisory
    https://vuldb.com/submit/811281 third-party-advisory
    https://gist.github.com/YLChen-007/39ed709ce32243… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12772",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:20:15.086018Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T17:20:24.396Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "PROXY_ADMIN database API Key Generator"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T02:00:08.882Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372514 | BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372514"
            },
            {
              "name": "VDB-372514 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372514/cti"
            },
            {
              "name": "CVE-2026-12772 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12772"
            },
            {
              "name": "Submit #811281 | litellm \u003c= 1.82.2 Insufficient Session Expiration (CWE-613)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811281"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/39ed709ce322431658a05b951e91f278"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T11:31:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12772",
        "datePublished": "2026-06-21T02:00:08.882Z",
        "dateReserved": "2026-06-20T09:26:23.462Z",
        "dateUpdated": "2026-06-22T17:20:24.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12771 (GCVE-0-2026-12771)

    Vulnerability from nvd – Published: 2026-06-21 01:00 – Updated: 2026-06-22 13:33
    VLAI
    Title
    BerriAI litellm M2M JWT user_api_key_auth.py improper authorization
    Summary
    A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12771",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T13:32:58.469818Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T13:33:10.626Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "M2M JWT Handler"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.6,
                "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T01:00:12.198Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372513 | BerriAI litellm M2M JWT user_api_key_auth.py improper authorization",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/372513"
            },
            {
              "name": "VDB-372513 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372513/cti"
            },
            {
              "name": "CVE-2026-12771 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12771"
            },
            {
              "name": "Submit #811280 | litellm \u003c= 1.82.2 Improper Authorization (CWE-285)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811280"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/70e4e106527f74ddf17953ff0f6c248d"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T11:31:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm M2M JWT user_api_key_auth.py improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12771",
        "datePublished": "2026-06-21T01:00:12.198Z",
        "dateReserved": "2026-06-20T09:26:20.566Z",
        "dateUpdated": "2026-06-22T13:33:10.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12770 (GCVE-0-2026-12770)

    Vulnerability from nvd – Published: 2026-06-21 00:15 – Updated: 2026-06-22 18:12
    VLAI
    Title
    BerriAI litellm Admin Key key_management_endpoints.py improper authorization
    Summary
    A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.63.0
    Affected: 1.63.1
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12770",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:55:24.067237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T18:12:38.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Admin Key Handler"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.63.0"
                },
                {
                  "status": "affected",
                  "version": "1.63.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T04:30:35.530Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372512 | BerriAI litellm Admin Key key_management_endpoints.py improper authorization",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/372512"
            },
            {
              "name": "VDB-372512 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372512/cti"
            },
            {
              "name": "CVE-2026-12770 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12770"
            },
            {
              "name": "Submit #811279 | litellm \u003c= 1.63.1 Improper Authorization (CWE-285)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811279"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/993c68152b2c770d53590f1684c755d4"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/BerriAI/litellm/pull/23781"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/BerriAI/litellm/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-21T06:35:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm Admin Key key_management_endpoints.py improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12770",
        "datePublished": "2026-06-21T00:15:08.657Z",
        "dateReserved": "2026-06-20T09:26:17.378Z",
        "dateUpdated": "2026-06-22T18:12:38.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59819 (GCVE-0-2026-59819)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:33 – Updated: 2026-07-09 14:30
    VLAI
    Title
    LiteLLM: Local file read via request-supplied OIDC file references
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.10-stable, LiteLLM's /health/test_connection endpoint resolved request-supplied environment and OIDC file references in litellm_params, allowing a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. This issue is fixed in version 1.83.10-stable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: < 1.83.10-stable
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59819",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:30:04.946174Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:30:14.779Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.83.10-stable"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.10-stable, LiteLLM\u0027s /health/test_connection endpoint resolved request-supplied environment and OIDC file references in litellm_params, allowing a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. This issue is fixed in version 1.83.10-stable."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:33:32.816Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-4g5m-c9r5-49xf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-4g5m-c9r5-49xf"
            },
            {
              "name": "https://github.com/BerriAI/litellm/pull/25592",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/pull/25592"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.83.10-stable",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.83.10-stable"
            }
          ],
          "source": {
            "advisory": "GHSA-4g5m-c9r5-49xf",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: Local file read via request-supplied OIDC file references"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59819",
        "datePublished": "2026-07-08T19:33:32.816Z",
        "dateReserved": "2026-07-07T15:00:50.978Z",
        "dateUpdated": "2026-07-09T14:30:14.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59822 (GCVE-0-2026-59822)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:32 – Updated: 2026-07-09 14:31
    VLAI
    Title
    LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, LiteLLM's MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key validation with an empty UserAPIKeyAuth() object, allowing requests to reach MCP tooling without a valid LiteLLM key. This issue is fixed in version 1.84.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: < 1.84.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59822",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:31:02.315980Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:31:08.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.84.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, LiteLLM\u0027s MCP Streamable HTTP endpoint allowed an unauthenticated attacker to use a fabricated Authorization header to trigger an OAuth2 passthrough fallback path that replaced failed LiteLLM key validation with an empty UserAPIKeyAuth() object, allowing requests to reach MCP tooling without a valid LiteLLM key. This issue is fixed in version 1.84.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287: Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:32:18.611Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-7488-6r32-c95q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-7488-6r32-c95q"
            },
            {
              "name": "https://github.com/BerriAI/litellm/pull/26463",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/pull/26463"
            },
            {
              "name": "https://github.com/BerriAI/litellm/commit/73869f0faf7d11ee21adcb5f91b8c33a340b6c2c",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/commit/73869f0faf7d11ee21adcb5f91b8c33a340b6c2c"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0"
            }
          ],
          "source": {
            "advisory": "GHSA-7488-6r32-c95q",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: MCP Authentication Bypass via OAuth2 Passthrough Fallback"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59822",
        "datePublished": "2026-07-08T19:32:18.611Z",
        "dateReserved": "2026-07-07T15:00:50.978Z",
        "dateUpdated": "2026-07-09T14:31:08.962Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59820 (GCVE-0-2026-59820)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:32 – Updated: 2026-07-09 14:37
    VLAI
    Title
    LiteLLM: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whose allowed_routes includes /v1/skills, anthropic_routes, or llm_api_routes to upload a crafted skill archive containing path traversal entries that could be written outside the intended extraction or staging directory. This issue is fixed in version 1.83.7-stable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: < 1.83.7-stable
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59820",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:36:59.709906Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:37:09.457Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.83.7-stable"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whose allowed_routes includes /v1/skills, anthropic_routes, or llm_api_routes to upload a crafted skill archive containing path traversal entries that could be written outside the intended extraction or staging directory. This issue is fixed in version 1.83.7-stable."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:32:11.739Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-5jmr-gcrj-2c9q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-5jmr-gcrj-2c9q"
            },
            {
              "name": "https://github.com/BerriAI/litellm/pull/25475",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/pull/25475"
            },
            {
              "name": "https://github.com/BerriAI/litellm/commit/6a15adcd64137d37f73dee76dfe7481f8c2d9196",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/commit/6a15adcd64137d37f73dee76dfe7481f8c2d9196"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable"
            }
          ],
          "source": {
            "advisory": "GHSA-5jmr-gcrj-2c9q",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59820",
        "datePublished": "2026-07-08T19:32:11.739Z",
        "dateReserved": "2026-07-07T15:00:50.978Z",
        "dateUpdated": "2026-07-09T14:37:09.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-59821 (GCVE-0-2026-59821)

    Vulnerability from cvelistv5 – Published: 2026-07-08 19:14 – Updated: 2026-07-09 14:38
    VLAI
    Title
    LiteLLM: Custom Code Guardrails production endpoints bypass code safety checks
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to create or update guardrails to submit custom Python code that executed in the LiteLLM proxy environment and could expose secrets available to the process. This issue is fixed in version 1.82.0-stable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: < 1.82.0-stable
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-59821",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:38:04.002799Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:38:09.991Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.82.0-stable"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.82.0-stable, LiteLLM\u0027s Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to create or update guardrails to submit custom Python code that executed in the LiteLLM proxy environment and could expose secrets available to the process. This issue is fixed in version 1.82.0-stable."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 2.1,
                "baseSeverity": "LOW",
                "privilegesRequired": "HIGH",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:14:13.265Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-72m8-9m7m-h278",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-72m8-9m7m-h278"
            },
            {
              "name": "https://github.com/BerriAI/litellm/commit/e50b4486d0f7aa0497185a1ebcdd2c91f1769eba",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/commit/e50b4486d0f7aa0497185a1ebcdd2c91f1769eba"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.82.0-stable",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.82.0-stable"
            }
          ],
          "source": {
            "advisory": "GHSA-72m8-9m7m-h278",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: Custom Code Guardrails production endpoints bypass code safety checks"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-59821",
        "datePublished": "2026-07-08T19:14:13.265Z",
        "dateReserved": "2026-07-07T15:00:50.978Z",
        "dateUpdated": "2026-07-09T14:38:09.991Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49468 (GCVE-0-2026-49468)

    Vulnerability from cvelistv5 – Published: 2026-06-22 20:37 – Updated: 2026-07-08 19:32
    VLAI
    Title
    LiteLLM: Authentication Bypass via Host Header Injection
    Summary
    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/auth_utils.py::get_request_route(), which Starlette reconstructs from the Host header. A crafted Host could therefore make the auth gate evaluate a different route from the one FastAPI dispatched. This vulnerability is fixed in 1.84.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-49468",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-24T03:56:03.985Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:exploit_intelligence:0"
                ],
                "defaultStatus": "affected",
                "product": "Exploit Intelligence",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-22T20:37:14.494Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in LiteLLM, a proxy server (AI Gateway) used to call Large Language Model (LLM) APIs. A remote attacker could exploit a Host-header parsing vulnerability in the proxy authentication layer. By sending a crafted Host header, an attacker could gain unauthenticated access to protected management routes, potentially leading to full system compromise."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-290",
                    "description": "Authentication Bypass by Spoofing",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:09:55.893Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-49468"
              },
              {
                "name": "RHBZ#2491520",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491520"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49468.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-22T21:01:03.552Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-22T20:37:14.494Z",
                "value": "Made public."
              }
            ],
            "title": "litellm: LiteLLM: Authentication Bypass via Host Header Injection",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate the risk of unauthenticated access, restrict network access to the LiteLLM proxy\u0027s management routes. Configure network firewalls or security groups to permit inbound connections only from trusted internal networks. This operational control limits the exposure of vulnerable endpoints to unauthorized external access. If the LiteLLM proxy is deployed behind a load balancer or API gateway, ensure these components are configured to strictly validate and sanitize the HTTP Host header before forwarding requests."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.84.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/auth_utils.py::get_request_route(), which Starlette reconstructs from the Host header. A crafted Host could therefore make the auth gate evaluate a different route from the one FastAPI dispatched. This vulnerability is fixed in 1.84.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290: Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-08T19:32:42.245Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-4xpc-pv4p-pm3w",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-4xpc-pv4p-pm3w"
            },
            {
              "name": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/BerriAI/litellm/releases/tag/v1.84.0"
            }
          ],
          "source": {
            "advisory": "GHSA-4xpc-pv4p-pm3w",
            "discovery": "UNKNOWN"
          },
          "title": "LiteLLM: Authentication Bypass via Host Header Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-49468",
        "datePublished": "2026-06-22T20:37:14.494Z",
        "dateReserved": "2026-05-30T04:17:43.094Z",
        "dateUpdated": "2026-07-08T19:32:42.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12799 (GCVE-0-2026-12799)

    Vulnerability from cvelistv5 – Published: 2026-06-21 10:00 – Updated: 2026-06-22 16:17
    VLAI
    Title
    BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization
    Summary
    A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372561 vdb-entrytechnical-description
    https://vuldb.com/vuln/372561/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12799 third-party-advisory
    https://vuldb.com/submit/811291 third-party-advisory
    https://gist.github.com/YLChen-007/3ace22e33e468d… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-d (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12799",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T16:16:34.425795Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T16:17:02.857Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/811291"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Incomplete Fix CVE-2025-0628"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-d (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T10:00:08.928Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372561 | BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372561"
            },
            {
              "name": "VDB-372561 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372561/cti"
            },
            {
              "name": "CVE-2026-12799 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12799"
            },
            {
              "name": "Submit #811291 | litellm \u003c= 1.82.2 Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811291"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/3ace22e33e468d0166fe609c9fdf4184"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T19:17:42.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12799",
        "datePublished": "2026-06-21T10:00:08.928Z",
        "dateReserved": "2026-06-20T17:12:23.228Z",
        "dateUpdated": "2026-06-22T16:17:02.857Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12798 (GCVE-0-2026-12798)

    Vulnerability from cvelistv5 – Published: 2026-06-21 09:30 – Updated: 2026-06-22 17:14
    VLAI
    Title
    BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery
    Summary
    A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument spec_path causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372560 vdb-entrytechnical-description
    https://vuldb.com/vuln/372560/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12798 third-party-advisory
    https://vuldb.com/submit/811290 third-party-advisory
    https://gist.github.com/YLChen-007/c1104c52997569… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12798",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:14:11.598867Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T17:14:45.929Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "MCP OpenAPI Spec Loader"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument spec_path causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T09:30:08.242Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372560 | BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372560"
            },
            {
              "name": "VDB-372560 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372560/cti"
            },
            {
              "name": "CVE-2026-12798 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12798"
            },
            {
              "name": "Submit #811290 | litellm latest Server-Side Request Forgery (SSRF) (CWE-918)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811290"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/c1104c529975699ba347feedfbe02c5a"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T19:17:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12798",
        "datePublished": "2026-06-21T09:30:08.242Z",
        "dateReserved": "2026-06-20T17:12:20.743Z",
        "dateUpdated": "2026-06-22T17:14:45.929Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12797 (GCVE-0-2026-12797)

    Vulnerability from cvelistv5 – Published: 2026-06-21 09:15 – Updated: 2026-06-22 13:35
    VLAI
    Title
    BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization
    Summary
    A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372559 vdb-entrytechnical-description
    https://vuldb.com/vuln/372559/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12797 third-party-advisory
    https://vuldb.com/submit/811288 third-party-advisory
    https://gist.github.com/YLChen-007/078179224f07cc… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
    Affected: 1.82.3
    Affected: 1.82.4
    Affected: 1.82.5
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12797",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T13:35:34.363730Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T13:35:44.784Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Completions Interface"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                },
                {
                  "status": "affected",
                  "version": "1.82.3"
                },
                {
                  "status": "affected",
                  "version": "1.82.4"
                },
                {
                  "status": "affected",
                  "version": "1.82.5"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T09:15:08.592Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372559 | BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372559"
            },
            {
              "name": "VDB-372559 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372559/cti"
            },
            {
              "name": "CVE-2026-12797 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12797"
            },
            {
              "name": "Submit #811288 | litellm \u003c= 1.82.5 Incorrect Authorization (CWE-863)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811288"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/078179224f07cc4e39e4f141a18c817a"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T19:17:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12797",
        "datePublished": "2026-06-21T09:15:08.592Z",
        "dateReserved": "2026-06-20T17:12:18.055Z",
        "dateUpdated": "2026-06-22T13:35:44.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12796 (GCVE-0-2026-12796)

    Vulnerability from cvelistv5 – Published: 2026-06-21 09:00 – Updated: 2026-06-22 18:12
    VLAI
    Title
    BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration
    Summary
    A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372558 vdb-entrytechnical-description
    https://vuldb.com/vuln/372558/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12796 third-party-advisory
    https://vuldb.com/submit/811287 third-party-advisory
    https://gist.github.com/YLChen-007/5fa8af12e1b183… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12796",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T18:07:39.063864Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T18:12:18.953Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "SSO Authentication Flow"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T09:00:09.028Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372558 | BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372558"
            },
            {
              "name": "VDB-372558 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372558/cti"
            },
            {
              "name": "CVE-2026-12796 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12796"
            },
            {
              "name": "Submit #811287 | litellm \u003c= 1.82.2 Insufficient Session Expiration (CWE-613)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811287"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/5fa8af12e1b183674d7ca96d852fb697"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T19:17:33.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12796",
        "datePublished": "2026-06-21T09:00:09.028Z",
        "dateReserved": "2026-06-20T17:12:15.581Z",
        "dateUpdated": "2026-06-22T18:12:18.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12795 (GCVE-0-2026-12795)

    Vulnerability from cvelistv5 – Published: 2026-06-21 08:30 – Updated: 2026-06-23 02:45
    VLAI
    Title
    BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication
    Summary
    A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372557 vdb-entrytechnical-description
    https://vuldb.com/vuln/372557/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12795 third-party-advisory
    https://vuldb.com/submit/811286 third-party-advisory
    https://gist.github.com/YLChen-007/9b13c75a3a7318… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12795",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-23T02:44:53.768634Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-23T02:45:05.398Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "SSO Debug Flow"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "Missing Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T08:30:07.820Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372557 | BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372557"
            },
            {
              "name": "VDB-372557 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372557/cti"
            },
            {
              "name": "CVE-2026-12795 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12795"
            },
            {
              "name": "Submit #811286 | litellm \u003c= 1.82.2 Missing Authentication for Critical Function (CWE-306)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811286"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/9b13c75a3a73187a4082cc6df0b100d3"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T19:17:30.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12795",
        "datePublished": "2026-06-21T08:30:07.820Z",
        "dateReserved": "2026-06-20T17:12:12.975Z",
        "dateUpdated": "2026-06-23T02:45:05.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12774 (GCVE-0-2026-12774)

    Vulnerability from cvelistv5 – Published: 2026-06-21 03:45 – Updated: 2026-06-22 10:57
    VLAI
    Title
    BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery
    Summary
    A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372516 vdb-entrytechnical-description
    https://vuldb.com/vuln/372516/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12774 third-party-advisory
    https://vuldb.com/submit/811285 third-party-advisory
    https://gist.github.com/YLChen-007/256c8ff0750e29… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12774",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T10:57:26.092177Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T10:57:42.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "MCP Server Connection Testing"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "Server-Side Request Forgery",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T03:45:06.835Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372516 | BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372516"
            },
            {
              "name": "VDB-372516 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372516/cti"
            },
            {
              "name": "CVE-2026-12774 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12774"
            },
            {
              "name": "Submit #811285 | litellm \u003c= 1.82.2 Server-Side Request Forgery (SSRF) (CWE-918)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811285"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/256c8ff0750e298f89b6b287c90c2981"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T11:31:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12774",
        "datePublished": "2026-06-21T03:45:06.835Z",
        "dateReserved": "2026-06-20T09:26:29.098Z",
        "dateUpdated": "2026-06-22T10:57:42.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12773 (GCVE-0-2026-12773)

    Vulnerability from cvelistv5 – Published: 2026-06-21 03:15 – Updated: 2026-06-30 12:06
    VLAI
    Title
    BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication
    Summary
    A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    • CWE-303 - Incorrect Implementation of Authentication Algorithm
    Assigner
    References
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.59.0
    Affected: 1.59.1
    Affected: 1.59.2
    Affected: 1.59.3
    Affected: 1.59.4
    Affected: 1.59.5
    Affected: 1.59.6
    Affected: 1.59.7
    Affected: 1.59.8
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Red Hat Exploit Intelligence     cpe:/a:redhat:exploit_intelligence:0
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12773",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:55:49.325110Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T17:56:03.365Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://vuldb.com/submit/811282"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:exploit_intelligence:0"
                ],
                "defaultStatus": "affected",
                "product": "Exploit Intelligence",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-06-21T03:15:08.647Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in BerriAI litellm, within its MCP Proxy component. A remote attacker could exploit an improper authentication vulnerability in the UserAPIKeyAuth function. This could allow unauthorized access, potentially compromising the confidentiality, integrity, and availability of data within the system."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-303",
                    "description": "Incorrect Implementation of Authentication Algorithm",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:53.325Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-12773"
              },
              {
                "name": "RHBZ#2491112",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491112"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12773.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-06-21T04:00:49.686Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-06-21T03:15:08.647Z",
                "value": "Made public."
              }
            ],
            "title": "litellm: BerriAI litellm: Improper authentication in MCP Proxy via UserAPIKeyAuth function",
            "workarounds": [
              {
                "lang": "en",
                "value": "Upgrade to litellm 1.81.16 or later. As a workaround, do not configure backend MCP servers with allow_all_keys: true, and restrict network access to the LiteLLM MCP proxy endpoints."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "MCP Proxy"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.59.0"
                },
                {
                  "status": "affected",
                  "version": "1.59.1"
                },
                {
                  "status": "affected",
                  "version": "1.59.2"
                },
                {
                  "status": "affected",
                  "version": "1.59.3"
                },
                {
                  "status": "affected",
                  "version": "1.59.4"
                },
                {
                  "status": "affected",
                  "version": "1.59.5"
                },
                {
                  "status": "affected",
                  "version": "1.59.6"
                },
                {
                  "status": "affected",
                  "version": "1.59.7"
                },
                {
                  "status": "affected",
                  "version": "1.59.8"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T03:15:08.647Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372515 | BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372515"
            },
            {
              "name": "VDB-372515 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372515/cti"
            },
            {
              "name": "CVE-2026-12773 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12773"
            },
            {
              "name": "Submit #811282 | litellm \u003c= 1.59.8 Improper Authentication (CWE-287)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811282"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/3cfaad10a69d7a15e4d4d458cb53309e"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T11:31:42.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12773",
        "datePublished": "2026-06-21T03:15:08.647Z",
        "dateReserved": "2026-06-20T09:26:26.143Z",
        "dateUpdated": "2026-06-30T12:06:53.325Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12772 (GCVE-0-2026-12772)

    Vulnerability from cvelistv5 – Published: 2026-06-21 02:00 – Updated: 2026-06-22 17:20
    VLAI
    Title
    BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration
    Summary
    A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/372514 vdb-entrytechnical-description
    https://vuldb.com/vuln/372514/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-12772 third-party-advisory
    https://vuldb.com/submit/811281 third-party-advisory
    https://gist.github.com/YLChen-007/39ed709ce32243… exploit
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12772",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:20:15.086018Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T17:20:24.396Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "PROXY_ADMIN database API Key Generator"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-613",
                  "description": "Session Expiration",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T02:00:08.882Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372514 | BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/372514"
            },
            {
              "name": "VDB-372514 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372514/cti"
            },
            {
              "name": "CVE-2026-12772 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12772"
            },
            {
              "name": "Submit #811281 | litellm \u003c= 1.82.2 Insufficient Session Expiration (CWE-613)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811281"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/39ed709ce322431658a05b951e91f278"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T11:31:39.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12772",
        "datePublished": "2026-06-21T02:00:08.882Z",
        "dateReserved": "2026-06-20T09:26:23.462Z",
        "dateUpdated": "2026-06-22T17:20:24.396Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12771 (GCVE-0-2026-12771)

    Vulnerability from cvelistv5 – Published: 2026-06-21 01:00 – Updated: 2026-06-22 13:33
    VLAI
    Title
    BerriAI litellm M2M JWT user_api_key_auth.py improper authorization
    Summary
    A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.82.0
    Affected: 1.82.1
    Affected: 1.82.2
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12771",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T13:32:58.469818Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T13:33:10.626Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "M2M JWT Handler"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.82.0"
                },
                {
                  "status": "affected",
                  "version": "1.82.1"
                },
                {
                  "status": "affected",
                  "version": "1.82.2"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4.6,
                "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T01:00:12.198Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372513 | BerriAI litellm M2M JWT user_api_key_auth.py improper authorization",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/372513"
            },
            {
              "name": "VDB-372513 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372513/cti"
            },
            {
              "name": "CVE-2026-12771 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12771"
            },
            {
              "name": "Submit #811280 | litellm \u003c= 1.82.2 Improper Authorization (CWE-285)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811280"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/70e4e106527f74ddf17953ff0f6c248d"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-20T11:31:36.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm M2M JWT user_api_key_auth.py improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12771",
        "datePublished": "2026-06-21T01:00:12.198Z",
        "dateReserved": "2026-06-20T09:26:20.566Z",
        "dateUpdated": "2026-06-22T13:33:10.626Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12770 (GCVE-0-2026-12770)

    Vulnerability from cvelistv5 – Published: 2026-06-21 00:15 – Updated: 2026-06-22 18:12
    VLAI
    Title
    BerriAI litellm Admin Key key_management_endpoints.py improper authorization
    Summary
    A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    Impacted products
    Vendor Product Version
    BerriAI litellm Affected: 1.63.0
    Affected: 1.63.1
        cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Eric-c (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12770",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-22T17:55:24.067237Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-22T18:12:38.503Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Admin Key Handler"
              ],
              "product": "litellm",
              "vendor": "BerriAI",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.63.0"
                },
                {
                  "status": "affected",
                  "version": "1.63.1"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Eric-c (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.5,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-21T04:30:35.530Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-372512 | BerriAI litellm Admin Key key_management_endpoints.py improper authorization",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/372512"
            },
            {
              "name": "VDB-372512 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/372512/cti"
            },
            {
              "name": "CVE-2026-12770 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-12770"
            },
            {
              "name": "Submit #811279 | litellm \u003c= 1.63.1 Improper Authorization (CWE-285)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/811279"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://gist.github.com/YLChen-007/993c68152b2c770d53590f1684c755d4"
            },
            {
              "tags": [
                "issue-tracking",
                "patch"
              ],
              "url": "https://github.com/BerriAI/litellm/pull/23781"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://github.com/BerriAI/litellm/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-20T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-06-20T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-06-21T06:35:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "BerriAI litellm Admin Key key_management_endpoints.py improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-12770",
        "datePublished": "2026-06-21T00:15:08.657Z",
        "dateReserved": "2026-06-20T09:26:17.378Z",
        "dateUpdated": "2026-06-22T18:12:38.503Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }