PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12799 BerriAI CVE debrief

CVE-2026-12799 is a low-severity vulnerability in BerriAI's litellm, affecting versions up to 1.82.2. The issue lies in the ui_view_users function within litellm/proxy/management_endpoints/internal_user_endpoints.py, related to incomplete fix for CVE-2025-0628. This vulnerability allows for improper authorization and can be exploited remotely. The exploit has been publicly disclosed. Defenders should assess their exposure and prioritize patching due to the potential for unauthorized access.

Vendor
BerriAI
Product
litellm
CVSS
LOW 2.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-21
Original CVE updated
2026-06-22
Advisory published
2026-06-21
Advisory updated
2026-06-22

Who should care

Organizations using BerriAI litellm up to version 1.82.2 should be aware of this vulnerability. Given the low CVSS score of 2.1, it may not be a critical priority, but defenders should still assess their exposure, especially if the affected component is used in sensitive or high-availability environments. Reviewing access controls and monitoring for unusual activity related to the ui_view_users function is advisable.

Technical summary

The CVE-2026-12799 vulnerability affects BerriAI litellm versions up to 1.82.2. Specifically, the ui_view_users function in litellm/proxy/management_endpoints/internal_user_endpoints.py is impacted due to an incomplete fix for CVE-2025-0628. This results in improper authorization, allowing potential remote exploitation. The CVSS:4.0 vector is AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X, indicating a low severity score of 2.1.

Defensive priority

Low priority due to CVSS score of 2.1, but review and patching recommended to prevent potential unauthorized access.

Recommended defensive actions

  • Inventory and review systems using BerriAI litellm up to version 1.82.2
  • Apply patches or updates to litellm if available
  • Review and tighten access controls for the ui_view_users function
  • Monitor for unusual activity related to the affected component
  • Consider compensating controls if patching is not immediately feasible

Evidence notes

The primary evidence for this CVE comes from the NVD and Vuldb sources. The vulnerability affects BerriAI litellm up to version 1.82.2. The specific component impacted is the ui_view_users function in litellm/proxy/management_endpoints/internal_user_endpoints.py. Defenders should verify the version of litellm in use and review the authorization mechanisms for the affected function. The exploit has been publicly disclosed, increasing the urgency for defenders to assess their exposure.

Official resources

This article is AI-assisted and based on the supplied source corpus.