PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12771 BerriAI CVE debrief

CVE-2026-12771 is a vulnerability in BerriAI litellm up to version 1.82.2. The issue affects an unknown function in the litellm/proxy/auth/user_api_key_auth.py file within the M2M JWT Handler component and leads to improper authorization. The vulnerability is exploitable remotely, but with high attack complexity, which makes it difficult to exploit in practice. The CVSS score is 1.3, indicating LOW severity. Defenders should assess their exposure and prioritize patching where the affected component is in use.

Vendor: BerriAI
Product: litellm
CVSS: LOW 1.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-21
Original CVE updated: 2026-06-22
Advisory published: 2026-06-21
Advisory updated: 2026-06-22

Who should care

Defenders responsible for BerriAI litellm installations up to version 1.82.2 should be aware of this vulnerability. Given the LOW CVSS score, it may not be a priority for every organization, but those with high security requirements, or that rely on the M2M JWT Handler component, should take action. Because the vulnerability is remotely exploitable even though the attack complexity is high, defenders should focus on patching and monitoring.

Technical summary

CVE-2026-12771 affects BerriAI litellm up to version 1.82.2, specifically the M2M JWT Handler component. The issue is caused by improper authorization in the litellm/proxy/auth/user_api_key_auth.py file. The CVSS:4.0 vector is AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X, that is, network-reachable, high attack complexity, low privileges required, no user interaction, low impact to confidentiality, integrity and availability, and exploit maturity rated as proof-of-concept. The weakness types are CWE-266 (Incorrect Privilege Assignment) and CWE-285 (Improper Authorization).

Defensive priority

Low priority given the CVSS score of 1.3, but defenders should still assess their exposure and consider patching.

Recommended defensive actions

  • Inventory BerriAI litellm installations to identify potentially affected systems.
  • Review official advisories for patches or mitigations.
  • Apply vendor-supported remediation if available.
  • Monitor for potential exploitation attempts.
  • Review compensating controls if patching is not feasible.

Evidence notes

The primary evidence for CVE-2026-12771 comes from the NVD and VulDB sources. The vulnerability affects BerriAI litellm up to version 1.82.2, specifically the M2M JWT Handler component. Defenders should verify the affected product, version and scope against official sources.

Official resources

This article is AI-assisted and based on the supplied source corpus.