PT-2026-56543 · Berriai · Litellm

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-59820

CVSS v4.0

6.1

Medium

VectorAV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.83.7-stable
Description LiteLLM, a proxy server used to call LLM APIs, contains a flaw in its Skills archive extraction process. An authenticated user with access to the LLM API routes or a key permitted to use /v1/skills, anthropic routes, or llm api routes can upload a specially crafted ZIP archive. This archive can contain path traversal entries, which allow files to be written outside the intended extraction or staging directory. Path traversal is a technique used to access files and directories that are stored outside the web root folder. This issue has been exploited in real-world incidents.
Recommendations Update to version 1.83.7-stable.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59820

Affected Products

Litellm