PT-2026-51196 · Berriai · Litellm
Eric-C · Published 2026-06-21 · Updated 2026-06-21 · CVE-2026-12772
CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
BerriAI litellm versions prior to 1.82.3
Description
A security flaw exists in the PROXY ADMIN database API Key Generator component within the authenticate_user() function of the litellm/proxy/auth/login_utils.py file. A remote attacker can perform a manipulation that results in session expiration.
Recommendations
Update to a version later than 1.82.2.
As a temporary workaround, restrict access to the authenticate_user() function until the update is applied.
Exploit
Fix
Insufficient Session Expiration
Affected Products
Litellm