PT-2026-51186 · Berriai · Litellm
Eric-C · Published 2026-06-21 · Updated 2026-06-21 · CVE-2026-12771
CVSS v3.1: 5.0 (Medium)
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
BerriAI litellm versions prior to 1.82.3
Description
An issue in the M2M JWT Handler component, specifically within the file litellm/proxy/auth/user_api_key_auth.py, leads to improper authorization. A remote attacker who already holds low-privileged credentials (PR:L) can use it to bypass authorization checks, but the attack has high complexity (AC:H) and is difficult to exploit; the vector rates the impact on confidentiality, integrity and availability as low.
Recommendations
Update to litellm 1.82.3 or later (the affected range is every version prior to 1.82.3).
As a temporary workaround, restrict access to the M2M JWT Handler component, or to the functions within litellm/proxy/auth/user_api_key_auth.py that implement it, to minimize the risk of exploitation.
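To confirm whether a deployment sits inside the affected range, the following added script (not part of this advisory or of the litellm project) compares a version string against the first fixed release, 1.82.3, and treats pre-releases of 1.82.3 as still affected. The version parser, the threshold constant and the helper names are assumptions of this example; the only facts taken from the advisory are the product name and the fixed version.

```python
"""Check whether a litellm version falls in the range affected by CVE-2026-12771.

Added example, not code from the advisory or from the litellm project.
The affected range per the advisory is "versions prior to 1.82.3".
"""
import re
from importlib import metadata

FIXED_VERSION = "1.82.3"  # first release outside the affected range (from the advisory)

# Hypothetical helper: a minimal PEP 440-style parser for the tags litellm uses.
_VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)"      # major.minor.patch
    r"(?:(a|b|rc)(\d+))?"          # optional pre-release tag (a1, b2, rc3)
    r"(?:\.post(\d+))?"            # optional post-release
)


def parse_version(version: str) -> tuple:
    """Turn '1.82.2', '1.82.3rc1' or '1.82.3.post1' into a comparable tuple.

    Pre-releases sort before the final release of the same number and
    post-releases after it, which matches how pip orders them.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    pre_tag, pre_num, post_num = m.group(4), m.group(5), m.group(6)
    if pre_tag:
        # (0, ...) ranks every pre-release below the final (1, 0, 0)
        pre = (0, {"a": 0, "b": 1, "rc": 2}[pre_tag], int(pre_num))
    else:
        pre = (1, 0, 0)
    post = int(post_num) if post_num else 0
    return (major, minor, patch) + pre + (post,)


def is_affected(version: str) -> bool:
    """True when `version` is older than the first fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def installed_litellm_status() -> str:
    """Look up the litellm package installed in this environment and classify it."""
    try:
        installed = metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return "litellm is not installed in this environment"
    verdict = (
        f"AFFECTED, upgrade to {FIXED_VERSION} or later"
        if is_affected(installed)
        else "not in the affected range"
    )
    return f"litellm {installed}: {verdict}"


if __name__ == "__main__":
    print(installed_litellm_status())
```

Run it inside the virtualenv that serves the proxy; a container image should be checked with the same interpreter the proxy process uses, since a system-wide pip may report a different package than the one actually imported.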
Weakness types
Improper Authorization
Incorrect Privilege Assignment
Related Identifiers
CVE-2026-12771
Affected Products
Litellm