PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35029 BerriAI CVE debrief

CVE-2026-35029 is a high-severity vulnerability in LiteLLM, a proxy server for LLM APIs. Prior to version 1.83.0, the /config/update endpoint does not check for the admin role, so any authenticated user, not only a proxy admin, can modify proxy configuration and environment variables and register custom pass-through endpoint handlers backed by attacker-controlled Python code. The result can be remote code execution on the proxy host, arbitrary file read, and takeover of privileged UI accounts. The vulnerability was publicly disclosed on April 6, 2026, and patched in version 1.83.0. LiteLLM users should update to 1.83.0 or later.

Vendor
BerriAI
Product
litellm
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-06
Original CVE updated
2026-06-30
Advisory published
2026-04-06
Advisory updated
2026-06-30

Who should care

Organizations running the LiteLLM proxy server should prioritize updating to version 1.83.0 or later. The precondition is a valid credential without the admin role, so deployments that issue virtual keys to many users or teams (the usual multi-tenant setup) are the most exposed; a proxy whose only credential is the admin key is exposed only to whoever already holds it. Security teams should inventory affected instances and confirm that configuration changes are restricted to admins. Developers embedding LiteLLM in their applications should also be aware of this vulnerability and take steps to mitigate it.

Technical summary

The /config/update endpoint in LiteLLM proxy server prior to version 1.83.0 checks only that the caller is authenticated, not that the caller holds the admin role, so any key holder can push configuration and environment-variable changes. Three abuse paths follow from the advisory. First, an attacker can register a custom pass-through endpoint handler pointing to Python code they control, which the proxy then executes: remote code execution. Second, an attacker can set the UI_LOGO_PATH environment variable to read arbitrary files from the server. Third, an attacker can overwrite UI_USERNAME and UI_PASSWORD to hijack the privileged UI account.

Defensive priority

High. An authenticated non-admin user can reach remote code execution and privilege escalation on the proxy, so patching should be treated as a top priority for any LiteLLM deployment that issues keys beyond its administrators.

Recommended defensive actions

  • Update LiteLLM to version 1.83.0 or later
  • Review and restrict access to the /config/update endpoint; until patched, for example, deny it at the reverse proxy except from admin sources
  • Monitor proxy access logs for calls to /config/update by non-admin keys, and for unexpected changes to environment variables (UI_LOGO_PATH, UI_USERNAME, UI_PASSWORD) or new pass-through endpoint registrations
  • Implement additional authorization controls for proxy configuration changes
  • Audit the current proxy configuration and environment variables for changes that predate the patch, and rotate UI credentials if unauthorized modification cannot be ruled out
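The following triage script is an added example, not code from LiteLLM or from this debrief's sources. It ties the technical summary to the actions above: a coarse version check against the 1.83.0 fix, an inspector for the advisory-relevant fields in a config update body, and a detector run over request logs that flags /config/update calls from non-admin keys. The log line format, the role names, and the body field names `environment_variables` and `pass_through_endpoints` are assumptions made for illustration; adapt them to whatever your reverse proxy or proxy logging actually emits.

```python
"""Triage helpers for CVE-2026-35029 (LiteLLM /config/update missing admin check).

Added example, not LiteLLM project code. Assumed: one JSON object per log line,
emitted by a reverse proxy in front of LiteLLM, carrying the caller's key role
and (where body capture is enabled) the request body; the body field names
`environment_variables` and `pass_through_endpoints` are illustrative.
"""
import json
import re
from typing import Iterable

PATCHED_VERSION = (1, 83, 0)
CONFIG_UPDATE_PATH = "/config/update"
# Environment variables named in the advisory as abuse targets.
SENSITIVE_ENV_VARS = {"UI_LOGO_PATH", "UI_USERNAME", "UI_PASSWORD"}
# Assumed body key under which custom pass-through handlers would be registered.
PASS_THROUGH_KEY = "pass_through_endpoints"


def parse_version(version: str) -> tuple:
    """Turn '1.82.3', 'v1.83.0' or '1.83.0rc1' into a comparable numeric tuple.
    Non-numeric suffixes are dropped, so a release candidate of 1.83.0 counts
    as 1.83.0; this is a coarse inventory check, not a full PEP 440 parser."""
    nums = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not nums:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = nums.groups()
    return (int(major), int(minor), int(patch or 0))


def is_vulnerable_version(version: str) -> bool:
    """True when the installed litellm version predates the 1.83.0 fix."""
    return parse_version(version) < PATCHED_VERSION


def sensitive_changes(body: dict) -> set:
    """Return the advisory-relevant fields touched by a config update body."""
    hits = set()
    env = body.get("environment_variables") or {}
    for name in env:
        if name in SENSITIVE_ENV_VARS:
            hits.add(f"environment_variables.{name}")
    if body.get(PASS_THROUGH_KEY):
        hits.add(PASS_THROUGH_KEY)
    return hits


def triage_config_update_log(lines: Iterable[str]) -> list:
    """Flag /config/update calls by non-admin callers, most severe first.

    A non-admin caller receiving a 2xx on this endpoint is the signature of the
    bug being exercised; a 403 means the fixed version (or an upstream control)
    blocked the attempt, which is still worth knowing about.
    """
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        event = json.loads(raw)
        if event.get("path") != CONFIG_UPDATE_PATH:
            continue
        if event.get("role") == "proxy_admin":
            continue  # admins are allowed to change the config
        status = int(event.get("status", 0))
        body = event.get("body") or {}
        finding = {
            "ts": event.get("ts"),
            "key_alias": event.get("key_alias"),
            "role": event.get("role"),
            "accepted": 200 <= status < 300,
            "sensitive": sorted(sensitive_changes(body)),
        }
        if finding["accepted"] and finding["sensitive"]:
            finding["severity"] = "critical"   # bug exercised on an advisory abuse path
        elif finding["accepted"]:
            finding["severity"] = "high"       # bug exercised, impact unclear from body
        else:
            finding["severity"] = "medium"     # attempt blocked, caller is probing
        findings.append(finding)
    order = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: order[f["severity"]])


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """
{"ts":"2026-04-07T10:01:12Z","path":"/chat/completions","role":"internal_user","key_alias":"team-a","status":200}
{"ts":"2026-04-07T10:02:40Z","path":"/config/update","role":"internal_user","key_alias":"team-a","status":200,"body":{"environment_variables":{"UI_LOGO_PATH":"/etc/passwd"}}}
{"ts":"2026-04-07T10:03:05Z","path":"/config/update","role":"proxy_admin","key_alias":"ops","status":200,"body":{"environment_variables":{"LOG_LEVEL":"debug"}}}
{"ts":"2026-04-07T10:04:51Z","path":"/config/update","role":"internal_user","key_alias":"team-b","status":403,"body":{"pass_through_endpoints":[{"path":"/x","target":"http://attacker.invalid/"}]}}
{"ts":"2026-04-07T10:05:20Z","path":"/config/update","role":"internal_user","key_alias":"team-c","status":200,"body":{"litellm_settings":{"drop_params":true}}}
"""

if __name__ == "__main__":
    print("installed 1.82.5 vulnerable:", is_vulnerable_version("1.82.5"))
    for finding in triage_config_update_log(SAMPLE_LOG.splitlines()):
        print(finding)
```

On the sample, the team-a entry is ranked critical (accepted write setting UI_LOGO_PATH), team-c high (accepted write with no advisory field in the body), and team-b medium (a pass-through registration that was rejected with 403). Severity is driven by the server's response, not the caller's intent, because an accepted non-admin write is proof the unpatched endpoint was reached, whatever the body contained.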

Evidence notes

The CVE record and NVD details provide information on the vulnerability, its impact, and the patched version. The GitHub advisory and Red Hat errata provide additional context and mitigation guidance.

Official resources

This article was generated with AI assistance based on the supplied source corpus.