Skip to main content

BerriAI LiteLLM CVE-2026-12799

| EUVDEUVD-2026-38158 LOW
Improper Authorization (CWE-285)
2026-06-21 VulDB GHSA-m2v5-74w2-qhcj
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
4.3 MEDIUM

Network-accessible endpoint requires low-privilege authentication (PR:L); only limited user data enumeration is possible with no integrity or availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 22, 2026 - 06:34 vuln.today
Severity Changed
Jun 21, 2026 - 10:22 NVD
MEDIUM LOW
CVSS changed
Jun 21, 2026 - 10:22 NVD
5.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.

AnalysisAI

Improper authorization in BerriAI LiteLLM versions up to 1.82.2 allows authenticated low-privilege users to access user data beyond their permitted scope via the ui_view_users management endpoint - an incomplete remediation of the prior CVE-2025-0628 authorization bypass in the same function. A public proof-of-concept exploit is available on GitHub (YLChen-007), confirming practical exploitability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to LiteLLM proxy with low-privilege credentials
Delivery
Send crafted HTTP request to ui_view_users management endpoint
Exploit
Bypass residual authorization check (incomplete CVE-2025-0628 fix)
Execution
Enumerate unauthorized user records
Impact
Harvest user metadata for lateral movement or privilege escalation

Vulnerability AssessmentAI

Exploitation Exploitation requires valid credentials with at least low-level privilege on the target LiteLLM proxy instance, as confirmed by PR:L in the CVSS 4.0 vector - unauthenticated attackers cannot trigger this vulnerability. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 2.1 is low, reflecting the authentication prerequisite (PR:L), absence of integrity or availability impact (VI:N/VA:N), and only limited confidentiality exposure (VC:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker holding a low-privilege account on a LiteLLM proxy deployment - such as a regular API user or a compromised service account - sends a crafted request to the `ui_view_users` management endpoint, exploiting the residual authorization bypass left by the incomplete CVE-2025-0628 fix to enumerate user records beyond their permitted scope. A public proof-of-concept on GitHub lowers the technical barrier significantly, making this accessible to script-level attackers. …
Remediation No vendor-released patched version is independently confirmed at time of analysis - neither the NVD record nor the VulDB advisory cites an explicit fix version. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-42208 CRITICAL POC
9.3 May 08

SQL injection in LiteLLM proxy server versions 1.81.16 through 1.83.6 allows unauthenticated remote attackers to read an

CVE-2026-42271 HIGH POC
8.7 May 08

Remote command execution in LiteLLM proxy server versions 1.74.2 through 1.83.6 allows any authenticated user to execute

CVE-2024-2952 CRITICAL POC
9.8 Apr 10

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. Rated critical s

CVE-2026-40217 HIGH POC
8.8 Apr 10

Remote code execution in BerriAI LiteLLM (all versions through 2026-04-08) enables authenticated attackers to execute ar

CVE-2024-4888 HIGH POC
8.1 Jun 06

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on t

CVE-2025-0330 HIGH POC
7.5 Mar 20

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error oc

CVE-2024-9606 HIGH POC
7.5 Mar 20

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerabi

CVE-2024-6587 HIGH POC
7.5 Sep 13

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. Rated high severity (CVSS

CVE-2024-5225 HIGH POC
7.2 Jun 06

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` en

CVE-2024-4889 HIGH POC
7.2 Jun 06

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated

CVE-2024-5710 MEDIUM POC
6.5 Jun 27

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. Rated med

CVE-2024-5751 CRITICAL
9.8 Jun 27

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. Rated crit

Share

CVE-2026-12799 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy