PT-2026-53474 · Pypi · Litellm

Published

2026-06-29

·

Updated

2026-06-29

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the add deployment function, which decodes and decrypts environment variables from base64 and assigns them to os.environ. An attacker can exploit this by sending a malicious payload to the /config/update endpoint, which is then processed and executed by the server when the get secret function is triggered. This requires the server to use Google KMS and a database to store a model.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

PYSEC-2026-389

Affected Products

Litellm