PT-2026-30279 · Litellm · Litellm

Veria-Labs · Published 2026-04-03 · Updated 2026-04-17 · CVE-2026-35030

CVSS v4.0: 9.4 (Critical)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Name of the Vulnerable Software and Affected Versions: LiteLLM versions prior to 1.83.0

Description: A critical authentication bypass can occur in LiteLLM when JWT authentication is enabled, due to an OIDC userinfo cache key collision. The OIDC userinfo cache uses the first 20 characters of the token as the cache key. Because a JWT begins with its base64url-encoded header, tokens signed with the same algorithm share identical first 20 characters, so an unauthenticated attacker can craft a token whose cache key matches a legitimate user's cached token. On a cache hit, the attacker inherits the legitimate user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled.

Recommendations: Update to version 1.83.0 or later. Disable OIDC userinfo caching by setting the cache TTL to 0. Disable JWT authentication entirely.
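To show the defect the description reports, the following is an added Python example, not LiteLLM's own code: a toy userinfo cache keyed the weak way (first 20 characters of the token) beside one keyed on a SHA-256 digest of the whole token. The sample JWTs are constructed with placeholder signatures, and all function and class names are assumptions.

```python
import base64
import hashlib
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(payload: dict, alg: str = "RS256") -> str:
    """Constructed sample token: header.payload.<placeholder>, no real signature."""
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header}.{body}.placeholder-signature"


def weak_cache_key(token: str) -> str:
    """Key scheme described in the advisory: only the first 20 characters of the token."""
    return token[:20]


def hardened_cache_key(token: str) -> str:
    """Key on a digest of the entire token so distinct tokens never share a key."""
    return hashlib.sha256(token.encode()).hexdigest()


class UserInfoCache:
    """Minimal stand-in for an OIDC userinfo cache, parameterised by its key function."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self._store = {}

    def put(self, token: str, userinfo: dict) -> None:
        self._store[self.key_fn(token)] = userinfo

    def get(self, token: str):
        return self._store.get(self.key_fn(token))


def cache_confuses_users(key_fn) -> bool:
    """True if a second, different token retrieves the first user's cached identity."""
    cache = UserInfoCache(key_fn)
    alice = make_unsigned_jwt({"sub": "alice", "exp": 1700000000})
    bob = make_unsigned_jwt({"sub": "bob", "exp": 1700000000})
    cache.put(alice, {"sub": "alice", "role": "admin"})
    hit = cache.get(bob)  # same RS256 header, so the 20-char prefix is identical
    return hit is not None and hit["sub"] != "bob"
```

Running `cache_confuses_users(weak_cache_key)` returns True and `cache_confuses_users(hardened_cache_key)` returns False, which is the check to apply when reviewing any token-keyed cache.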

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2026-35030
ECHO-B229-8FDA-451C
GHSA-JJHC-V7C2-5HH6

Affected Products

Litellm