Skip to main content

LiteLLM CVE-2026-12771

| EUVDEUVD-2026-38137 LOW
Improper Authorization (CWE-285)
2026-06-21 VulDB GHSA-qmf3-4767-5fg3
1.3
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.3 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.2 MEDIUM

Network-reachable but requires low-privilege credentials and complex JWT manipulation; no availability impact described; scope remains unchanged within the proxy.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jun 22, 2026 - 06:29 vuln.today
CVSS changed
Jun 21, 2026 - 02:22 NVD
2.3 (LOW) 1.3 (LOW)

DescriptionCVE.org

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

AnalysisAI

Improper authorization in LiteLLM's M2M JWT Handler (litellm/proxy/auth/user_api_key_auth.py) enables remote attackers holding low-level credentials to bypass authorization controls in versions 1.82.0 through 1.82.2. The flaw resides in the machine-to-machine JWT authentication pathway of the LiteLLM proxy layer, where manipulated JWT inputs cause the handler to make incorrect authorization decisions, potentially granting unauthorized access to proxied LLM API resources. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege LiteLLM credentials
Delivery
Craft manipulated M2M JWT token
Exploit
Submit token to proxy auth endpoint
Execution
Bypass authorization check in user_api_key_auth.py
Impact
Issue unauthorized LLM API calls beyond permitted scope

Vulnerability AssessmentAI

Exploitation Exploitation requires that the LiteLLM proxy instance is configured to use the M2M JWT Handler for machine-to-machine authentication, as the vulnerable code path is specific to litellm/proxy/auth/user_api_key_auth.py and its JWT processing logic. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 1.3 is very low, driven primarily by AC:H (high attack complexity), PR:L (low privileges required), and uniformly low vulnerable-system impact scores (VC:L/VI:L/VA:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with low-level authenticated access to a LiteLLM proxy deployment - for example, a service account credential obtained through credential theft or an insider - crafts a manipulated M2M JWT token that exploits the improper authorization logic in user_api_key_auth.py. Due to the flaw in the JWT handler's authorization decision, the proxy accepts the token as granting elevated or unauthorized permissions, allowing the attacker to issue API calls to proxied LLM backends beyond their intended access scope. …
Remediation No vendor-released patch with a confirmed fix version has been identified in the available intelligence at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-42208 CRITICAL POC
9.3 May 08

SQL injection in LiteLLM proxy server versions 1.81.16 through 1.83.6 allows unauthenticated remote attackers to read an

CVE-2026-42271 HIGH POC
8.7 May 08

Remote command execution in LiteLLM proxy server versions 1.74.2 through 1.83.6 allows any authenticated user to execute

CVE-2024-2952 CRITICAL POC
9.8 Apr 10

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. Rated critical s

CVE-2026-40217 HIGH POC
8.8 Apr 10

Remote code execution in BerriAI LiteLLM (all versions through 2026-04-08) enables authenticated attackers to execute ar

CVE-2024-4888 HIGH POC
8.1 Jun 06

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on t

CVE-2025-0330 HIGH POC
7.5 Mar 20

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error oc

CVE-2024-9606 HIGH POC
7.5 Mar 20

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerabi

CVE-2024-6587 HIGH POC
7.5 Sep 13

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. Rated high severity (CVSS

CVE-2024-5225 HIGH POC
7.2 Jun 06

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` en

CVE-2024-4889 HIGH POC
7.2 Jun 06

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated

CVE-2024-5710 MEDIUM POC
6.5 Jun 27

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. Rated med

CVE-2024-5751 CRITICAL
9.8 Jun 27

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. Rated crit

Share

CVE-2026-12771 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy