PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-35030 BerriAI CVE debrief

CVE-2026-35030 is a critical vulnerability in LiteLLM, a proxy server for LLM APIs, allowing unauthenticated attackers to bypass JWT authentication and inherit legitimate user identities and permissions. This issue arises from the use of token[:20] as the cache key for OIDC userinfo cache when JWT authentication is enabled. The vulnerability affects deployments with JWT/OIDC authentication enabled and is fixed in version 1.83.0. The CVSS score for this vulnerability is 9.4, indicating a critical severity. LiteLLM instances with JWT authentication enabled are potentially vulnerable to exploitation.

Vendor
BerriAI
Product
litellm
CVSS
CRITICAL 9.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-06
Original CVE updated
2026-06-30
Advisory published
2026-04-06
Advisory updated
2026-06-30

Who should care

Organizations using LiteLLM with JWT/OIDC authentication enabled should prioritize patching to version 1.83.0 or later. Security teams and administrators responsible for LLM API proxy servers should assess their exposure and take immediate action to protect against potential exploitation.

Technical summary

The vulnerability in LiteLLM arises from the implementation of JWT authentication. When enable_jwt_auth is set to true, the OIDC userinfo cache uses a truncated version of the JWT token (token[:20]) as the cache key. Since JWT headers produced by the same signing algorithm have identical first 20 characters, an attacker can craft a token that matches a legitimate user's cached token. Upon cache hit, the attacker gains the legitimate user's identity and permissions. This vulnerability is particularly severe as it allows for unauthenticated access and has a high CVSS score of 9.4.

Defensive priority

Immediate patching to version 1.83.0 or later is crucial for organizations using LiteLLM with JWT/OIDC authentication. In the interim, defenders should review their configurations and monitor for suspicious activity.

Recommended defensive actions

  • Patch LiteLLM to version 1.83.0 or later immediately.
  • Review and adjust JWT/OIDC authentication configurations to enhance security.
  • Monitor for suspicious activity and potential exploitation attempts.
  • Assess the scope of affected deployments and prioritize remediation.
  • Implement compensating controls, such as additional authentication layers, if patching is not feasible in the short term.

Evidence notes

The CVE record and NVD detail provide official information on the vulnerability. Vendor advisories and mitigation strategies are available through GitHub and Red Hat errata. The vulnerability's critical severity and potential for exploitation necessitate swift action.

Official resources

This article is AI-assisted and based on the supplied source corpus.