Main Vulnerability Database Vulnerabilities #VU130417

Improper Control of Dynamically-Managed Code Resources in LiteLLM - CVE-2026-40217

Published: May 7, 2026

Vulnerability identifier: #VU130417

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-40217

CWE-ID: CWE-913

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
LiteLLM

Software vendor:
LiteLLM

Description

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper control of dynamically-managed code resources in the POST /guardrails/test_custom_code endpoint when running user-supplied Python inside a hand-rolled sandbox. A remote privileged user can submit crafted Python code to execute arbitrary code.

In default configurations, reaching the endpoint requires a proxy-admin credential. The proxy process runs as root in the default Docker image.

Remediation

Install security update from vendor's website.

External links

https://github.com/BerriAI/litellm/security/advisories/GHSA-wxxx-gvqv-xp7p

Improper Control of Dynamically-Managed Code Resources in LiteLLM - CVE-2026-40217

Description

Remediation

External links

Please verify you're human