PT-2026-51197 · Berriai · Litellm
Eric-C · Published 2026-06-21 · Updated 2026-06-21 · CVE-2026-12773
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
BerriAI litellm versions prior to 1.59.9
Description
An improper authentication issue exists in the MCP Proxy component. A remote attacker can manipulate the UserAPIKeyAuth() function within the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py to bypass authentication mechanisms.
Recommendations
Update to a version later than 1.59.8.
As a temporary workaround, restrict access to the UserAPIKeyAuth() function in the MCP Proxy component to minimize the risk of exploitation.
Exploit
Fix
Weakness Enumeration
Improper Authentication
Affected Products
Litellm