Improper access control in LiteLLM - #VU125067


Published: April 7, 2026


Vulnerability identifier: #VU125067
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: LiteLLM
Affected software:
LiteLLM

Detailed vulnerability description

The vulnerability allows a remote user to disclose password hashes and authenticate as another user.

The vulnerability exists due to improper access control in the /user/info, /user/update, /spend/users, and /v2/login endpoints when handling authenticated API requests and login attempts. A remote user can retrieve another user's password hash through these endpoints and then submit the raw hash to the login endpoint to authenticate as that user.

The issue can be exploited in an authentication bypass chain using three HTTP requests.
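As an added illustration that is not LiteLLM's code (the user store, the PBKDF2 hashing and all function names are assumptions), the weak pattern the description implies, a login check that also accepts the stored hash itself as a credential, shown beside a hardened check and a user-info response that never returns the hash:

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Constructed sample user record: salted PBKDF2-SHA256 hash plus metadata."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "password_hash": digest.hex(), "role": "user"}


# Constructed sample store (hypothetical, not real data).
USERS = {"alice": make_record("correct horse battery staple")}


def verify_password(record: dict, submitted: str) -> bool:
    """Only valid path: re-derive the hash from the submitted plaintext and compare."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", submitted.encode(), bytes.fromhex(record["salt"]), ITERATIONS
    )
    return hmac.compare_digest(digest.hex(), record["password_hash"])


def login_vulnerable(username: str, submitted: str) -> bool:
    """Weak pattern: treats the stored hash as an acceptable credential,
    so anyone who can read the hash can authenticate without the password."""
    rec = USERS.get(username)
    if rec is None:
        return False
    return hmac.compare_digest(submitted, rec["password_hash"]) or verify_password(rec, submitted)


def login_hardened(username: str, submitted: str) -> bool:
    """Hardened: the submitted value is always treated as plaintext and hashed."""
    rec = USERS.get(username)
    return rec is not None and verify_password(rec, submitted)


SENSITIVE_FIELDS = {"salt", "password_hash"}


def user_info_vulnerable(username: str) -> dict:
    """Serializes the whole record, leaking the hash to any caller."""
    return dict(USERS[username])


def user_info_hardened(username: str) -> dict:
    """Strips credential material before the record leaves the server."""
    return {k: v for k, v in USERS[username].items() if k not in SENSITIVE_FIELDS}
```

The hardened variant closes both halves of the chain: the hash is never disclosed, and even a hash obtained elsewhere is not accepted as a password.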


Remediation

Install security update from vendor's website.

Sources