PT-2026-56544 · Berriai · Litellm

Published

2026-07-08

·

Updated

2026-07-08

·

CVE-2026-59821

CVSS v4.0

2.1

Low

VectorAV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions LiteLLM versions prior to 1.82.0-stable
Description LiteLLM is a proxy server that acts as an AI Gateway for calling LLM APIs. A flaw exists in the production create and update paths of the Custom Code Guardrails, which failed to apply the same sandboxing and validation used by the test endpoint. This allows a privileged user with permissions to create or update guardrails to submit custom Python code that executes within the LiteLLM proxy environment, potentially exposing secrets available to the process. This issue has been exploited in real-world incidents.
Recommendations Update to version 1.82.0-stable.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59821

Affected Products

Litellm