LiteLLM CVE-2026-47102

EUVD-2026-31345 | HIGH
Incorrect Authorization (CWE-863)
Disclosed 2026-05-21 by disclosure@vulncheck.com | GHSA-wpfp-gwwc-vwq6
CVSS 4.0 base score: 8.7

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Patch available: May 21, 2026, 22:02 (EUVD)
Source code evidence fetched: May 21, 2026, 21:31 (vuln.today)
Analysis generated: May 21, 2026, 21:31 (vuln.today)

Description (NVD)

LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin, gaining full administrative access to LiteLLM including all users, teams, keys, models, and prompt history. Users with the org_admin role have legitimate access to this endpoint and can exploit this vulnerability without chaining any additional flaw.

Analysis (AI)

Privilege escalation in LiteLLM prior to 1.83.10 allows any authenticated user with access to the /user/update endpoint to elevate themselves to proxy_admin by including a user_role field in a self-update request. The endpoint enforces ownership (users can only update their own account) but fails to restrict which fields are mutable, granting full administrative control over users, teams, keys, models, and prompt history. …


Remediation (AI)

Within 24 hours: Identify all LiteLLM deployments and determine if affected versions (prior to 1.83.10) are running; immediately restrict /user/update endpoint access via firewall/WAF rules to authorized administrative accounts only and enable detailed API logging.

Within 7 days: Audit all user accounts for unauthorized privilege escalations, review modification logs for suspicious activity, and implement application-level validation rejecting user_role field modifications in account self-updates. …
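The application-level validation the remediation calls for, shown as an added example that is not LiteLLM's own code: self-updates are limited to an allowlist of fields, so user_role cannot be changed through the self-service path even though ownership of the account is satisfied. The role names proxy_admin and org_admin and the user_role field come from the advisory; the other field names, the dictionary-based user store and the function names are assumptions.

```python
# Added example, not LiteLLM's code. Field names other than user_role, and the
# in-memory user store, are hypothetical stand-ins for the real persistence layer.

# Fields a caller may change on their OWN account; user_role is deliberately absent.
SELF_EDITABLE_FIELDS = {"user_email", "user_alias", "metadata"}  # hypothetical names
# Fields only a proxy_admin may change, and only on someone else's account.
ADMIN_ONLY_FIELDS = {"user_role"}


class UpdateRejected(Exception):
    """Raised when a request touches a field the caller is not allowed to change."""


def vulnerable_update(caller, users, payload):
    """Pre-1.83.10 behaviour as described: ownership is enforced, fields are not."""
    if payload["user_id"] != caller["user_id"]:
        raise UpdateRejected("can only update your own account")
    users[caller["user_id"]].update({k: v for k, v in payload.items() if k != "user_id"})
    return users[caller["user_id"]]


def hardened_update(caller, users, payload):
    """Same ownership rule plus an allowlist of mutable fields chosen per caller."""
    target = payload["user_id"]
    requested = {k for k in payload if k != "user_id"}
    if target == caller["user_id"]:
        allowed = SELF_EDITABLE_FIELDS            # self-service path: never user_role
    elif caller["user_role"] == "proxy_admin":
        allowed = SELF_EDITABLE_FIELDS | ADMIN_ONLY_FIELDS
    else:
        raise UpdateRejected("can only update your own account")
    disallowed = requested - allowed
    if disallowed:
        # Reject the whole request instead of silently dropping fields, so the
        # attempt shows up in API logs as a failed update rather than a success.
        raise UpdateRejected(f"fields not permitted: {sorted(disallowed)}")
    users[target].update({k: payload[k] for k in requested})
    return users[target]


def demo():
    """Constructed store: an org_admin sending a self-update that sets user_role."""
    caller = {"user_id": "u1", "user_role": "org_admin"}
    payload = {"user_id": "u1", "user_role": "proxy_admin"}
    escalated = vulnerable_update(caller, {"u1": dict(caller)}, payload)["user_role"]
    store = {"u1": dict(caller)}
    try:
        hardened_update(caller, store, payload)
        blocked = False
    except UpdateRejected:
        blocked = True
    return escalated, store["u1"]["user_role"], blocked
```

demo() returns ("proxy_admin", "org_admin", True): the old logic promotes the caller, the hardened logic rejects the request and leaves the stored role untouched.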


CVE-2026-47102 vulnerability details – vuln.today
