Berriai Litellm
9 CVEs affecting Berriai Litellm. Latest disclosed: 2026-05-21. Critical: 1, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42208 | Critical | 9.8 | 2026-05-08 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used duri… |
| CVE-2026-47102 | High | 8.8 | 2026-05-21 | LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating on… |
| CVE-2026-47101 | High | 8.8 | 2026-05-21 | LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key… |
| CVE-2026-42271 | High | 8.8 | 2026-05-08 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to previ… |
| CVE-2026-42203 | High | 8.8 | 2026-05-08 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endp… |
| CVE-2026-40217 | High | 8.8 | 2026-04-10 | LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI. |
| CVE-2026-35029 | High | 8.8 | 2026-04-06 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role… |
| CVE-2026-35030 | | | 2026-04-06 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: tru… |
| CVE-2026-33634 | | | 2026-03-23 | Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 v… |