PatchSiren cyber security CVE debrief
CVE-2026-35029 BerriAI CVE debrief
CVE-2026-35029 is a high-severity vulnerability in LiteLLM, a proxy server for LLM APIs. Prior to version 1.83.0, the /config/update endpoint lacks admin role authorization, allowing authenticated users to modify proxy configurations, environment variables, and register custom endpoint handlers pointing to attacker-controlled Python code. This could lead to remote code execution, reading arbitrary server files, and taking over privileged accounts. The vulnerability was publicly disclosed on April 6, 2026, and patched in version 1.83.0. LiteLLM users should update to the latest version to mitigate this risk.
- Vendor: BerriAI
- Product: litellm
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-06
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-06
- Advisory updated: 2026-06-30
Who should care
Organizations using LiteLLM proxy server for LLM APIs should prioritize updating to version 1.83.0 or later. Security teams should review their inventory of affected systems and ensure proper authorization controls are in place. Developers using LiteLLM in their applications should also be aware of this vulnerability and take steps to mitigate it.
Technical summary
The /config/update endpoint in LiteLLM proxy server prior to version 1.83.0 does not enforce admin role authorization. This allows authenticated users to modify proxy configurations and environment variables. An attacker could exploit this by registering custom pass-through endpoint handlers pointing to malicious Python code, leading to remote code execution. Additionally, an attacker could set the UI_LOGO_PATH environment variable to read arbitrary server files or overwrite UI_USERNAME and UI_PASSWORD to hijack privileged accounts.
Defensive priority
High. This vulnerability allows for remote code execution and privilege escalation, making it a critical priority for LiteLLM users.
Recommended defensive actions
- Update LiteLLM to version 1.83.0 or later
- Review and restrict access to the /config/update endpoint
- Monitor for suspicious activity on the LiteLLM proxy server
- Implement additional authorization controls for proxy configuration changes
- Regularly review and update LiteLLM configurations and environment variables
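The following is an added example (not LiteLLM's or BerriAI's own code) that turns the technical summary and the defensive actions above into two runnable checks: a version gate against the fixed release 1.83.0, and a detector that flags /config/update requests made by callers without an admin role. The JSON-lines access-log format, the field names and the role name "proxy_admin" are assumptions made for illustration, not LiteLLM's real log schema.

```python
"""Defender-side checks for CVE-2026-35029 (added example, not LiteLLM's own
code). is_patched() gates on the fixed release 1.83.0; flag_config_updates()
scans access-log lines for /config/update requests by non-admin callers. The
JSON-lines log format and the role name "proxy_admin" are assumptions."""
import json
import re

FIXED_VERSION = (1, 83, 0)            # patched release per the advisory
SENSITIVE_PATHS = {"/config/update"}  # endpoint that lacked the admin check
ADMIN_ROLES = {"proxy_admin"}         # assumed admin role name (hypothetical)

def parse_version(v: str) -> tuple:
    """Turn '1.82.5' or 'v1.83.0-stable' into a comparable (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(version: str) -> bool:
    """True when the running LiteLLM version is at or above the fixed release."""
    return parse_version(version) >= FIXED_VERSION

def flag_config_updates(log_lines: list) -> list:
    """One alert per request to a sensitive path by a non-admin caller. Status is
    kept so an analyst can tell a blocked attempt (401/403) from a success (200)."""
    alerts = []
    for raw in log_lines:
        try:
            evt = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of crashing the detector
        if evt.get("path") not in SENSITIVE_PATHS:
            continue
        role = evt.get("role", "unknown")
        if role in ADMIN_ROLES:
            continue
        alerts.append({"ts": evt.get("ts"), "key": evt.get("key_alias"),
                       "role": role, "status": evt.get("status")})
    return alerts

# Constructed sample log lines for the demo (not real traffic).
SAMPLE_LOG = [
    '{"ts":"2026-04-07T10:00:01Z","path":"/config/update","role":"proxy_admin","key_alias":"ops","status":200}',
    '{"ts":"2026-04-07T10:00:05Z","path":"/config/update","role":"internal_user","key_alias":"dev-key-7","status":200}',
    '{"ts":"2026-04-07T10:00:09Z","path":"/chat/completions","role":"internal_user","key_alias":"dev-key-7","status":200}',
    "not json at all",
]

if __name__ == "__main__":
    for alert in flag_config_updates(SAMPLE_LOG):
        print("ALERT non-admin config change:", alert)
```

On a proxy still running a version below 1.83.0, a non-admin alert with status 200 indicates that a configuration change actually went through and the proxy config, environment variables and UI credentials should be reviewed.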
Evidence notes
The CVE record and NVD details provide information on the vulnerability, its impact, and the patched version. The GitHub advisory and Red Hat errata provide additional context and mitigation guidance.
Official resources
- CVE-2026-35029 CVE record (CVE.org)
- CVE-2026-35029 NVD detail (NVD)
This article was generated with AI assistance based on the supplied source corpus.