Skip to main content

Litellm EUVDEUVD-2026-31345

| CVE-2026-47102 HIGH
Incorrect Authorization (CWE-863)
2026-05-21 disclosure@vulncheck.com GHSA-wpfp-gwwc-vwq6
8.7
CVSS 4.0 · Vendor: vulncheck
Share

Severity by source

Vendor (vulncheck) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Red Hat
8.8 HIGH
qualitative

Primary rating from Vendor (vulncheck).

CVSS VectorVendor: vulncheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
May 21, 2026 - 22:02 EUVD
Source Code Evidence Fetched
May 21, 2026 - 21:31 vuln.today
Analysis Generated
May 21, 2026 - 21:31 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 15 pypi packages depend on litellm (14 direct, 1 indirect)

Ecosystem-wide dependent count for version 1.83.10.

DescriptionCVE.org

LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin, gaining full administrative access to LiteLLM including all users, teams, keys, models, and prompt history. Users with the org_admin role have legitimate access to this endpoint and can exploit this vulnerability without chaining any additional flaw.

AnalysisAI

Privilege escalation in LiteLLM prior to 1.83.10 allows any authenticated user with access to the /user/update endpoint to elevate themselves to proxy_admin by including a user_role field in a self-update request. The endpoint enforces ownership (users can only update their own account) but fails to restrict which fields are mutable, granting full administrative control over users, teams, keys, models, and prompt history. Publicly available exploit code exists via a published huntr.com bounty writeup and gist PoC, though no public exploit identified as actively used in the wild at time of analysis.

CVE-2026-42208 CRITICAL POC
9.3 May 08

SQL injection in LiteLLM proxy server versions 1.81.16 through 1.83.6 allows unauthenticated remote attackers to read an

CVE-2026-42271 HIGH POC
8.7 May 08

Remote command execution in LiteLLM proxy server versions 1.74.2 through 1.83.6 allows any authenticated user to execute

CVE-2024-2952 CRITICAL POC
9.8 Apr 10

BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. Rated critical s

CVE-2026-40217 HIGH POC
8.8 Apr 10

Remote code execution in BerriAI LiteLLM (all versions through 2026-04-08) enables authenticated attackers to execute ar

CVE-2024-4888 HIGH POC
8.1 Jun 06

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on t

CVE-2025-0330 HIGH POC
7.5 Mar 20

In berriai/litellm version v1.52.1, an issue in proxy_server.py causes the leakage of Langfuse API keys when an error oc

CVE-2024-9606 HIGH POC
7.5 Mar 20

In berriai/litellm before version 1.44.12, the `litellm/litellm_core_utils/litellm_logging.py` file contains a vulnerabi

CVE-2024-6587 HIGH POC
7.5 Sep 13

A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. Rated high severity (CVSS

CVE-2024-5225 HIGH POC
7.2 Jun 06

An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` en

CVE-2024-4889 HIGH POC
7.2 Jun 06

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated

CVE-2024-5710 MEDIUM POC
6.5 Jun 27

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. Rated med

CVE-2024-5751 CRITICAL
9.8 Jun 27

BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. Rated crit

Vendor StatusVendor

Share

EUVD-2026-31345 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy