PT-2026-51213 · Berriai · Litellm
Eric-D · Published 2026-06-21 · Updated 2026-06-21 · CVE-2026-12799
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
BerriAI litellm versions prior to 1.82.3
Description
Improper authorization occurs in the ui_view_users() function located in the litellm/proxy/management_endpoints/internal_user_endpoints.py file. This flaw allows a remote attacker to bypass authorization controls.
Recommendations
Update to a version later than 1.82.2.
As a temporary workaround, restrict access to the ui_view_users() function until the update is applied.
Exploit
Fix
Incorrect Privilege Assignment
Improper Authorization
Related Identifiers
Affected Products
Litellm