PT-2026-56544 · Berriai · Litellm
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-59821
CVSS v4.0
2.1
Low
| Vector | AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
LiteLLM versions prior to 1.82.0-stable
Description
LiteLLM is a proxy server that acts as an AI Gateway for calling LLM APIs. A flaw exists in the production create and update paths of the Custom Code Guardrails, which failed to apply the same sandboxing and validation used by the test endpoint. This allows a privileged user with permissions to create or update guardrails to submit custom Python code that executes within the LiteLLM proxy environment, potentially exposing secrets available to the process. This issue has been exploited in real-world incidents.
Recommendations
Update to version 1.82.0-stable.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Litellm