SB2026040799 - Multiple vulnerabilities in LiteLLM
Published: April 7, 2026

Security Bulletin ID: SB2026040799
Severity: High
Patch available: Yes
Number of vulnerabilities: 3
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

High: 33% (1 of 3)
Medium: 67% (2 of 3)

Description

This security bulletin contains information about 3 security vulnerabilities.


1) Improper access control (CVE-ID: CVE-2026-35029)

The vulnerability allows a remote user to execute arbitrary code, disclose sensitive information, and escalate privileges.

The vulnerability exists due to improper access control in the /config/update endpoint when handling configuration update requests. A remote user can modify the proxy configuration and its environment variables; control over those values in turn allows arbitrary code execution, disclosure of sensitive information, and privilege escalation on the proxy.

The issue can only be exploited by a user who is already authenticated to the platform, so any holder of a valid user credential is a potential attacker.


2) Improper Authentication (CVE-ID: CVE-2026-35030)

The vulnerability allows a remote attacker to bypass authentication and assume a legitimate user's identity and permissions.

The vulnerability exists due to improper authentication in the OIDC userinfo cache when processing JWT authentication tokens with colliding cache keys. A remote attacker can craft a token whose first 20 characters match those of a legitimate user's cached token; the cache lookup then returns that user's cached identity instead of verifying the presented token, so the attacker bypasses authentication and obtains the legitimate user's identity and permissions. Because a compact JWT begins with its base64url-encoded header, tokens issued by the same provider typically share far more than their first 20 characters, so the colliding prefix is not a secret the attacker has to guess.

Only deployments with JWT/OIDC authentication enabled are affected, and exploitation requires that a legitimate user's token is present in the cache at the time of the attack.
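The collision described above, modelled as an added example that is not LiteLLM's code: a userinfo cache keyed on the first 20 characters of the bearer token (the truncation the bulletin reports) beside one keyed on a digest of the whole token. The class and function names, the sample tokens and the user record are constructed for this illustration and are not taken from the project.

```python
"""Constructed model of a truncated-key userinfo cache and its hardened form."""
import base64
import hashlib
import json
from typing import Optional


def _b64url(data: bytes) -> str:
    """Unpadded base64url, as used for the segments of a compact JWT."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


class PrefixKeyedUserinfoCache:
    """Vulnerable model: the cache key is only a prefix of the token."""

    def __init__(self, prefix_len: int = 20) -> None:
        self.prefix_len = prefix_len
        self._store: dict[str, dict] = {}

    def key(self, token: str) -> str:
        return token[: self.prefix_len]

    def put(self, token: str, userinfo: dict) -> None:
        self._store[self.key(token)] = userinfo

    def get(self, token: str) -> Optional[dict]:
        return self._store.get(self.key(token))


class DigestKeyedUserinfoCache(PrefixKeyedUserinfoCache):
    """Hardened model: the key covers the entire token, so two tokens share
    an entry only if they are byte-for-byte identical."""

    def key(self, token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()


# Constructed tokens (hypothetical, not real credentials). Both carry the same
# JOSE header, and a compact JWT starts with that header, so their first 20
# characters are identical without the attacker learning anything secret.
HEADER = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"},
                            separators=(",", ":")).encode())
LEGIT_TOKEN = HEADER + "." + _b64url(b'{"sub":"alice"}') + ".legit-signature"
ATTACKER_TOKEN = HEADER + "." + _b64url(b'{"sub":"mallory"}') + ".bogus-signature"
LEGIT_USERINFO = {"sub": "alice", "roles": ["proxy_admin"]}


def resolve_identity(cache: PrefixKeyedUserinfoCache, token: str) -> Optional[dict]:
    """Model of the auth path: a cache hit short-circuits token verification.
    Returns the cached identity, or None when the token must be fully verified."""
    return cache.get(token)


def demo() -> tuple:
    """Seed each cache with the legitimate user's entry, then present the
    attacker's token. Returns (vulnerable result, hardened result)."""
    vulnerable = PrefixKeyedUserinfoCache(prefix_len=20)
    hardened = DigestKeyedUserinfoCache()
    vulnerable.put(LEGIT_TOKEN, LEGIT_USERINFO)
    hardened.put(LEGIT_TOKEN, LEGIT_USERINFO)
    return (resolve_identity(vulnerable, ATTACKER_TOKEN),
            resolve_identity(hardened, ATTACKER_TOKEN))


if __name__ == "__main__":
    vuln_hit, hard_hit = demo()
    print("prefix-keyed cache returned:", vuln_hit)  # the victim's identity
    print("digest-keyed cache returned:", hard_hit)  # None: falls through to verification
```

Keying on a digest of the full token removes the collision, but the cache is still only as trustworthy as the code that fills it: an entry must be written only after the complete token has been verified, and it should expire no later than the token itself.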


3) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote user to disclose another user's password hash and authenticate as that user.

The vulnerability exists due to improper access control in the /user/info, /user/update, /spend/users, and /v2/login endpoints when handling authenticated API requests and login attempts. A remote user can retrieve another user's password hash through the user-information endpoints and then submit the raw hash to the login endpoint, which accepts it in place of the password, thereby authenticating as that user.

The issue can be exploited as an authentication-bypass chain of three HTTP requests by a user who is already authenticated to the platform.
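The read-the-hash-then-log-in chain above, modelled as an added example that is not LiteLLM's code: a user-information handler that returns the stored hash to any authenticated caller and a login handler that accepts that hash verbatim, beside hardened variants that redact the hash and verify only real passwords. The user store, the PBKDF2 storage format and all function names are constructed for this illustration.

```python
"""Constructed model of hash disclosure plus hash-accepting login, and the fix."""
import hashlib
import hmac
import os
from typing import Callable, Optional


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """PBKDF2-HMAC-SHA256 stored as 'saltHex$digestHex' (illustrative parameters)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$", 1)
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


# Constructed user store: user_id -> record. Passwords are made up.
USERS = {
    "alice": {"user_id": "alice", "role": "proxy_admin",
              "password_hash": hash_password("correct horse")},
    "mallory": {"user_id": "mallory", "role": "internal_user",
                "password_hash": hash_password("hunter2")},
}


# --- vulnerable model -------------------------------------------------------
def user_info_vulnerable(caller: str, target: str) -> dict:
    """Any authenticated caller may read any record, password hash included."""
    return dict(USERS[target])


def login_vulnerable(user_id: str, secret: str) -> bool:
    """Accepts either the password or the stored hash itself as the credential."""
    record = USERS.get(user_id)
    if record is None:
        return False
    return secret == record["password_hash"] or verify_password(secret, record["password_hash"])


# --- hardened model ---------------------------------------------------------
def user_info_hardened(caller: str, target: str) -> dict:
    """Only the user themself or an admin may read a record, and the hash
    never leaves the server regardless of who asks."""
    if caller != target and USERS[caller]["role"] != "proxy_admin":
        raise PermissionError("forbidden")
    return {k: v for k, v in USERS[target].items() if k != "password_hash"}


def login_hardened(user_id: str, password: str) -> bool:
    """Only a password that re-derives to the stored hash is accepted."""
    record = USERS.get(user_id)
    if record is None:
        return False
    return verify_password(password, record["password_hash"])


def run_chain(user_info: Callable[[str, str], dict],
              login: Callable[[str, str], bool],
              attacker: str = "mallory", victim: str = "alice") -> bool:
    """Model of the chain: authenticated as the attacker, read the victim's
    record, then present whatever came back as the victim's credential.
    Returns True if the attacker ends up logged in as the victim."""
    try:
        leaked = user_info(attacker, victim).get("password_hash")
    except PermissionError:
        return False
    if leaked is None:
        return False
    return login(victim, leaked)


if __name__ == "__main__":
    print("vulnerable chain succeeds:", run_chain(user_info_vulnerable, login_vulnerable))  # True
    print("hardened chain succeeds:  ", run_chain(user_info_hardened, login_hardened))      # False
```

Either fix alone breaks the chain, but both are needed: redacting the hash stops this particular path, while refusing the hash as a credential also protects against any other leak of the user table (backups, logs, a future endpoint).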


Remediation

Install the update from the vendor's website.