PatchSiren cyber security CVE debrief

CVE-2026-12795 BerriAI CVE debrief

CVE-2026-12795 is a vulnerability in BerriAI litellm versions up to 1.82.2. The flaw lies in the SSO Debug Flow, specifically in the json.dumps call in litellm/proxy/management_endpoints/ui_sso.py, and can result in missing authentication. The vulnerability has a CVSS score of 5.5, indicating medium severity. The attack can be executed remotely, and the exploit has been publicly disclosed. Defenders should assess their exposure and prioritize patching or mitigating this vulnerability.

Vendor: BerriAI
Product: litellm
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-21
Original CVE updated: 2026-06-23
Advisory published: 2026-06-21
Advisory updated: 2026-06-23

Who should care

Organizations using BerriAI litellm versions up to 1.82.2 should be aware of this vulnerability and assess their exposure. Specifically, those using the SSO Debug Flow functionality are at risk. The vulnerability's medium severity and remote exploitability make it a priority for defenders to review and address.

Technical summary

CVE-2026-12795 is in the BerriAI litellm package, up to version 1.82.2. It is located in the SSO Debug Flow, specifically in the json.dumps call in the litellm/proxy/management_endpoints/ui_sso.py file. The vulnerability can lead to missing authentication, allowing potential unauthorized access. The CVSS:4.0 vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (network-reachable, low attack complexity, no privileges or user interaction required, low confidentiality, integrity and availability impact, proof-of-concept exploit maturity), which yields a medium severity score of 5.5.

Defensive priority

Medium priority due to remote exploitability and public disclosure of the exploit.

Recommended defensive actions

  • Inventory and review BerriAI litellm installations up to version 1.82.2 for exposure.
  • Apply patches or updates to BerriAI litellm to address the vulnerability.
  • Review and restrict access to the SSO Debug Flow functionality.
  • Monitor for suspicious activity related to the SSO Debug Flow.
  • Consider compensating controls, such as additional authentication mechanisms, if patching is not feasible.
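To support the inventory step above, an added example (not PatchSiren's or litellm's own code) that reports whether the installed litellm distribution falls inside the affected range named in this debrief; the version-parsing rules are a simplified assumption covering the common release, pre-release and post-release forms, and no fixed version is asserted because the page does not state one.

```python
"""Check whether an installed litellm version falls in the range this debrief
flags as affected by CVE-2026-12795 (up to and including 1.82.2)."""
import re
from importlib import metadata

# Highest affected version named in the debrief (the fixed version is not
# stated on the page, so this only reports "in affected range" or not).
AFFECTED_MAX = "1.82.2"


def parse_version(version: str) -> tuple:
    """Turn '1.82.2', '1.82.2rc1' or '1.82.2.post1' into a comparable tuple.

    Release segments compare as integers and are padded to three places so
    1.82 == 1.82.0. A trailing marker orders pre-release < final < post-release
    for the same number, matching PEP 440 for these simple forms (assumption).
    """
    m = re.match(r"^(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))
    suffix = m.group(2).lstrip(".")
    if not suffix:
        marker = 1          # final release
    elif suffix.startswith("post"):
        marker = 2          # post-release sorts after the final release
    else:
        marker = 0          # a, b, rc, dev: sorts before the final release
    return release + (marker,)


def is_affected(version: str, affected_max: str = AFFECTED_MAX) -> bool:
    """True when version <= affected_max, i.e. the debrief's 'up to 1.82.2'."""
    return parse_version(version) <= parse_version(affected_max)


def check_installed(dist_name: str = "litellm") -> dict:
    """Classify the installed distribution for an inventory report."""
    try:
        installed = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return {"package": dist_name, "installed": None, "affected": False}
    return {"package": dist_name, "installed": installed,
            "affected": is_affected(installed)}


if __name__ == "__main__":
    print(check_installed())
```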

Evidence notes

The primary evidence for this vulnerability comes from the CVE-2026-12795 record and the NVD detail page. The vulnerability affects BerriAI litellm up to version 1.82.2. The SSO Debug Flow, specifically the json.dumps function in litellm/proxy/management_endpoints/ui_sso.py, is impacted. Defenders should verify the version of litellm in use and review the official CVE and NVD pages for further details.

Official resources

This article is AI-assisted and based on the supplied source corpus.