PT-2026-51210 · Berriai · Litellm
Eric-C
·
Published
2026-06-21
·
Updated
2026-06-21
·
CVE-2026-12796
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
BerriAI litellm versions prior to 1.82.3
Description
An issue exists in the SSO authentication flow, in the
get_redirect_response_from_openid() function of the litellm/proxy/management_endpoints/ui_sso.py file. Remote manipulation of this function can result in insufficient session expiration: a session established through the SSO redirect remains usable after it should have expired.
Recommendations
Update to version 1.82.3 or later.
As a temporary workaround, restrict access to the
get_redirect_response_from_openid() function (i.e. limit which clients can reach the proxy's SSO redirect endpoint) until the update is applied.
Exploit
Fix
Weakness Enumeration
Insufficient Session Expiration (CWE-613)
Related Identifiers
CVE-2026-12796
Affected Products
Litellm
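What the weakness class named above (Insufficient Session Expiration) looks like in an SSO redirect handler, shown as an added example that is not litellm's code and not the vulnerable function from ui_sso.py. The token format, signing key, claim names and the four-hour lifetime are assumptions made for the example; the point is the contrast between a session minted after the IdP redirect with no expiry and one whose expiry is bound at mint time and enforced on every request.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed signing key for this example only; a real proxy loads its key from configuration.
SIGNING_KEY = b"example-key-not-for-production"
# Assumed session lifetime policy (four hours); litellm's actual value is not stated on this page.
DEFAULT_SESSION_TTL = 4 * 60 * 60


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_session(claims: dict) -> str:
    """Serialize the claims and append an HMAC-SHA256 tag: '<payload>.<tag>'."""
    payload = _b64url(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64url(tag)}"


def parse_session(token: str) -> Optional[dict]:
    """Return the claims if the tag verifies, else None. Checks integrity only, never lifetime."""
    try:
        payload, tag = token.split(".", 1)
        expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(tag)):
            return None
        claims = json.loads(_b64url_decode(payload))
    except ValueError:  # bad split, bad base64, bad JSON (all subclasses of ValueError)
        return None
    return claims if isinstance(claims, dict) else None


# Vulnerable shape (CWE-613): the session minted after the IdP redirect carries no expiry,
# and the validator only checks the signature, so a leaked or replayed token works indefinitely.
def mint_session_after_redirect_vulnerable(user_id: str, now: int) -> str:
    return sign_session({"sub": user_id, "iat": now})


def validate_session_vulnerable(token: str, now: int) -> Optional[dict]:
    return parse_session(token)  # 'now' is ignored: nothing ever expires


# Hardened shape: bind an absolute expiry at mint time and enforce it on every request.
def mint_session_after_redirect_hardened(user_id: str, now: int, ttl: int = DEFAULT_SESSION_TTL) -> str:
    return sign_session({"sub": user_id, "iat": now, "exp": now + ttl})


def validate_session_hardened(token: str, now: int, max_ttl: int = DEFAULT_SESSION_TTL) -> Optional[dict]:
    claims = parse_session(token)
    if claims is None:
        return None
    iat, exp = claims.get("iat"), claims.get("exp")
    # Missing or non-integer timestamps are refused, which rejects the vulnerable token shape outright.
    if type(iat) is not int or type(exp) is not int:
        return None
    # Absolute expiry: a token is dead from its 'exp' second onwards.
    if exp <= now:
        return None
    # Cap the lifetime so a token minted with an oversized ttl (misconfiguration) is still refused.
    if exp - iat > max_ttl:
        return None
    return claims


if __name__ == "__main__":
    t0 = 1_700_000_000
    leaked = mint_session_after_redirect_vulnerable("alice", t0)
    ten_years_later = t0 + 10 * 365 * 86400
    print("vulnerable validator, 10 years later:", validate_session_vulnerable(leaked, ten_years_later))
    print("hardened validator, same token:", validate_session_hardened(leaked, ten_years_later))
    fresh = mint_session_after_redirect_hardened("alice", t0)
    print("hardened token, 1 min later:", validate_session_hardened(fresh, t0 + 60))
    print("hardened token, after ttl:", validate_session_hardened(fresh, t0 + DEFAULT_SESSION_TTL))
```

The hardened validator refuses a token with no exp claim rather than treating it as unbounded, so tokens minted by the vulnerable path stop working as soon as the validator is fixed, without waiting for a key rotation.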