PatchSiren cyber security CVE debrief

CVE-2026-12770 BerriAI CVE debrief

CVE-2026-12770 is a low-severity vulnerability (CVSS score 2.1) affecting BerriAI litellm versions up to 1.63.1. The issue lies in the Admin Key Handler component, specifically in the file litellm/proxy/management_endpoints/key_management_endpoints.py, and results in improper authorization. The vulnerability is exploitable over the network, and a public exploit has been disclosed. Given the low severity and the fact that exploitation requires an already-authenticated account with low privileges (PR:L), defenders should assess their exposure and prioritize according to their deployment's configuration and the potential impact.

Vendor: BerriAI
Product: litellm
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-21
Original CVE updated: 2026-06-22
Advisory published: 2026-06-21
Advisory updated: 2026-06-22

Who should care

Organizations running BerriAI litellm up to version 1.63.1 should be aware of this vulnerability. Given the low CVSS score and the privileges an attacker must already hold (PR:L), it may not be a high priority for everyone, but those with network-exposed litellm proxies or strict security requirements should investigate and apply mitigations.

Technical summary

The vulnerability (CVE-2026-12770) is caused by improper authorization in the Admin Key Handler of BerriAI litellm up to version 1.63.1. The affected component is located in the file litellm/proxy/management_endpoints/key_management_endpoints.py. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (the X-valued fields are unassigned), giving a low severity score of 2.1: network-reachable, low attack complexity, low privileges required, no user interaction, with low impact to integrity and availability and none to confidentiality. The weakness types are CWE-266 (Incorrect Privilege Assignment) and CWE-285 (Improper Authorization).

Defensive priority

Low priority, given the CVSS score of 2.1 and the privileges (PR:L) an attacker must already hold to exploit it.

Recommended defensive actions

  • Inventory and assess the exposure of BerriAI litellm versions up to 1.63.1 within your organization.
  • Review and apply the vendor-supported remediation when available.
  • Implement compensating controls to limit exposure, such as restricting access to the Admin Key Handler.
  • Monitor for any suspicious activity related to the Admin Key Handler.
  • Track exceptions for systems that cannot be updated immediately.

Evidence notes

The primary evidence for this vulnerability comes from the NVD and VulDB sources. The vulnerability affects BerriAI litellm up to version 1.63.1. The specific component impacted is the Admin Key Handler in the file litellm/proxy/management_endpoints/key_management_endpoints.py. Defenders should verify the version of litellm in use and assess the exposure of their systems against the CVSS vector provided above.

Official resources

This article is AI-assisted and based on the supplied source corpus.