What is CVE-2026-35030?

CVE-2026-35030 is a vulnerability in Berriai Litellm, classified under Improper Authentication. Published 2026-04-06.

Is CVE-2026-35030 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Berriai Litellm

CVE-2026-35030

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produc…

Vulnerability class: Broken Authentication

EPSS: 0.000 (15.4th percentile) — read the EPSS interpretation.

Affected products

Berriai Litellm — versions < 1.83.0

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

learner202649/CVE-2026-35030-PoC

References

https://github.com/BerriAI/litellm/security/advisories/GHSA-jjhc-v7c2-5hh6 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-35030?: CVE-2026-35030 is a vulnerability in Berriai Litellm, classified under Improper Authentication. Published 2026-04-06.
Is CVE-2026-35030 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.