PatchSiren

CVE-2026-12774 BerriAI CVE debrief

CVE-2026-12774 is a server-side request forgery (SSRF) vulnerability in BerriAI litellm up to version 1.82.2. It affects the _execute_with_mcp_client function in litellm/proxy/_experimental/mcp_server/rest_endpoints.py, part of the MCP Server Connection Testing component. The vulnerability can be exploited remotely, and an exploit has been publicly disclosed. The CVSS score is 2.1, indicating low severity. Defenders should assess their exposure, focusing on systems running an affected version of litellm, and prioritize patching or mitigating the issue.

Vendor: BerriAI
Product: litellm
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-21
Original CVE updated: 2026-06-22
Advisory published: 2026-06-21
Advisory updated: 2026-06-22

Who should care

Organizations using BerriAI litellm up to version 1.82.2 should be aware of this server-side request forgery vulnerability. IT and security teams responsible for maintaining and securing software that uses litellm should assess their exposure and take appropriate mitigating action. Given the low CVSS score it may not be a critical priority, but it still requires attention to prevent exploitation.

Technical summary

CVE-2026-12774 is a server-side request forgery (SSRF) issue in the BerriAI litellm library, affecting versions up to 1.82.2. The vulnerable function, _execute_with_mcp_client, is located in litellm/proxy/_experimental/mcp_server/rest_endpoints.py and is part of the MCP Server Connection Testing component. The vulnerability has been publicly disclosed and can be exploited remotely. Its Common Vulnerability Scoring System (CVSS) score is 2.1, classified as low severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. Read out, the vector indicates a network attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), low impact on the confidentiality, integrity and availability of the vulnerable system (VC:L/VI:L/VA:L), no impact on subsequent systems (SC:N/SI:N/SA:N), and proof-of-concept exploit maturity (E:P).

Defensive priority

Low severity; prioritize based on system exposure and potential impact.

Recommended defensive actions

  • Inventory and assess systems running BerriAI litellm up to version 1.82.2 for potential exposure.
  • Review and apply the latest security patches or updates for BerriAI litellm.
  • Implement compensating controls to limit the impact of successful exploitation.
  • Monitor for suspicious activity that could indicate exploitation attempts.
  • Track exceptions for systems that cannot be patched immediately.
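The following is an added example of the first, third and fourth actions above; it is not litellm's code and not from the advisory. It assumes the MCP connection test takes a caller-supplied server URL (the page names the component but not its inputs), and it adds a compensating egress guard that refuses targets whose scheme is not http/https or whose address is not publicly routable, logging each rejection as a monitoring hook. It also checks an installed version string against the advisory's "up to 1.82.2" range. The names (validate_mcp_target, check_and_log, is_affected_version, stub_resolver) and the DNS table are constructed for this example.

```python
import ipaddress
import logging
import re
import socket
from typing import Callable, Iterable
from urllib.parse import urlparse

log = logging.getLogger("mcp_target_guard")

# Last affected version per the advisory text ("up to version 1.82.2").
LAST_AFFECTED = "1.82.2"

# Schemes an MCP connection test is expected to use (assumption for this example).
ALLOWED_SCHEMES = {"http", "https"}

Resolver = Callable[[str], Iterable[str]]


def _version_key(version: str) -> tuple:
    """Turn '1.82.2' into (1, 82, 2); a suffix such as 'rc1' is ignored (conservative)."""
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def is_affected_version(installed: str) -> bool:
    """True when an installed litellm version falls inside the affected range."""
    return _version_key(installed) <= _version_key(LAST_AFFECTED)


def default_resolver(hostname: str) -> list:
    """Resolve a name to every A/AAAA record via the system resolver."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


# Constructed DNS table so the example runs offline; use default_resolver in practice.
CONSTRUCTED_DNS = {
    "mcp.example.com": ["93.184.216.34"],
    # A name with one public and one private record must still be refused.
    "internal.example": ["93.184.216.34", "10.0.0.5"],
}


def stub_resolver(hostname: str) -> list:
    """Offline stand-in for default_resolver; unknown names behave like NXDOMAIN."""
    if hostname not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"constructed NXDOMAIN for {hostname}")
    return CONSTRUCTED_DNS[hostname]


def _is_public(ip_text: str) -> bool:
    """Publicly routable address only: rejects loopback, RFC1918, link-local (incl. 169.254.x), etc."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so the IPv4 rules apply to it.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global


def validate_mcp_target(url: str, resolver: Resolver = default_resolver) -> tuple:
    """Return (allowed, reason) for a caller-supplied MCP server URL."""
    try:
        parsed = urlparse(url)
        host = parsed.hostname
    except ValueError as exc:
        return False, f"unparseable url: {exc}"
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parsed.scheme!r}"
    if not host:
        return False, "missing host"
    # Literal addresses are checked directly; names are resolved and every record must be public.
    try:
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            addresses = list(resolver(host))
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            return False, f"dns failure for {host!r}: {exc}"
        if not addresses:
            return False, f"no addresses for {host!r}"
    for addr in addresses:
        if not _is_public(addr):
            return False, f"non-public address {addr} for host {host!r}"
    return True, "ok"


def check_and_log(url: str, resolver: Resolver = default_resolver) -> bool:
    """Gate the connection test; rejected targets produce a log line for the SIEM."""
    allowed, reason = validate_mcp_target(url, resolver)
    if not allowed:
        log.warning("mcp_connection_test_rejected url=%r reason=%s", url, reason)
    return allowed


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print("1.82.2 affected:", is_affected_version("1.82.2"))
    for candidate in ("https://mcp.example.com/mcp", "http://127.0.0.1:8000/",
                      "https://internal.example/mcp", "http://[::ffff:169.254.169.254]/"):
        print(candidate, "->", check_and_log(candidate, stub_resolver))
```

Two caveats for using a guard like this in front of a real client: the address is checked before the connection is made, so a name that resolves differently at connect time (DNS rebinding) can slip past unless the client is made to connect to the address that was validated; and HTTP redirects must be disabled or re-validated per hop, otherwise a public host can bounce the request to an internal one.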

Evidence notes

The primary evidence for this vulnerability comes from the CVE record and the details provided by the National Vulnerability Database (NVD) and VulDB. The vulnerability affects BerriAI litellm up to version 1.82.2, specifically the _execute_with_mcp_client function in litellm/proxy/_experimental/mcp_server/rest_endpoints.py. The disclosure indicates that remote exploitation is possible and that an exploit has been publicly disclosed. Defenders should verify the affected product, version and scope against official sources and assess their exposure.

Official resources

This article is AI-assisted and based on the supplied source corpus.