PatchSiren cyber security CVE debrief
CVE-2026-40217 BerriAI CVE debrief
CVE-2026-40217 is a high-severity vulnerability in LiteLLM that allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI. The vulnerability has a CVSS score of 8.8 and is classified as HIGH. It was published on April 10, 2026, and last modified on June 30, 2026. It affects LiteLLM versions up to 2026-04-08. There is no evidence of use in ransomware campaigns. Users should update to the latest version of LiteLLM to mitigate this vulnerability.
- Vendor: BerriAI
- Product: LiteLLM
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-10
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-10
- Advisory updated: 2026-06-30
Who should care
Organizations using LiteLLM should prioritize patching this vulnerability to prevent remote code execution attacks. The vulnerability's high severity and potential for exploitation make it essential for defenders to take immediate action. Additionally, security teams should review their inventory of affected systems and ensure that all instances are updated.
Technical summary
CVE-2026-40217 is a remote code execution vulnerability in LiteLLM, caused by bytecode rewriting at the /guardrails/test_custom_code URI. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: the endpoint is reachable over the network, the attack has low complexity and needs no user interaction, and a successful exploit gives high impact on confidentiality, integrity and availability. Note the PR:L component: the attacker needs a low-privileged account on the proxy, so any user who can reach this endpoint should be treated as able to run code on the host. The associated weaknesses are CWE-420 and CWE-94. The vulnerability affects LiteLLM versions up to 2026-04-08, and users should update to the latest version to mitigate it.
Defensive priority
High priority should be given to patching this vulnerability, as it allows remote code execution and has a high CVSS score. Defenders should review their inventory of affected systems and ensure that all instances are updated.
Recommended defensive actions
- Update LiteLLM to the latest version to mitigate this vulnerability.
- Review inventory of affected systems and ensure that all instances are updated.
- Monitor for potential exploitation attempts, in particular requests to the /guardrails/test_custom_code endpoint in proxy access logs.
- Implement compensating controls, such as web application firewalls, to detect and prevent attacks.
- Perform regular vulnerability scans to identify and address potential vulnerabilities.
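As an added example of the monitoring action above (not code from the advisory or the LiteLLM project), a small Python filter over reverse-proxy access logs flags every request that reached the endpoint named in the CVE and ranks the calling clients for triage. It assumes the proxy is fronted by a server writing Common Log Format; the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Endpoint named in the CVE-2026-40217 advisory.
WATCHED_PATH = "/guardrails/test_custom_code"

# Assumption: a reverse proxy in front of LiteLLM writes Common Log Format;
# the page does not describe LiteLLM's own log format.
CLF = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_custom_code_requests(lines):
    """Return one record per request that reached the watched endpoint.

    Matching is done on the normalised path, so a query string or a
    trailing slash does not hide a hit. Unparseable lines are skipped.
    """
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        path = urlsplit(m["target"]).path.rstrip("/")
        if path != WATCHED_PATH:
            continue
        hits.append({
            "client": m["client"], "user": m["user"], "ts": m["ts"],
            "method": m["method"], "status": int(m["status"]),
        })
    return hits

def clients_by_hit_count(hits):
    """Count hits per (client, user) pair so the noisiest sources surface first."""
    return Counter((h["client"], h["user"]) for h in hits)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - alice [10/Apr/2026:12:00:01 +0000] "POST /v1/chat/completions HTTP/1.1" 200 512',
    '10.0.0.9 - bob [10/Apr/2026:12:00:02 +0000] "POST /guardrails/test_custom_code HTTP/1.1" 200 88',
    '10.0.0.9 - bob [10/Apr/2026:12:00:03 +0000] "POST /guardrails/test_custom_code/?x=1 HTTP/1.1" 200 90',
    '10.0.0.5 - alice [10/Apr/2026:12:00:04 +0000] "GET /guardrails/list HTTP/1.1" 200 300',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    hits = find_custom_code_requests(SAMPLE_LOG)
    for h in hits:
        print(h)
    print(clients_by_hit_count(hits))
```

Every hit on this endpoint from a user who is not expected to author guardrails is worth a ticket, and a successful (2xx) hit on an unpatched instance should be treated as a likely compromise of that host.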
Evidence notes
The vulnerability was published on April 10, 2026, and last modified on June 30, 2026. The CVSS score is 8.8, and the vulnerability is classified as HIGH. The CWE-420 and CWE-94 weaknesses are associated with this vulnerability. There is no evidence of ransomware campaign use.
Official resources
- CVE-2026-40217 CVE record (CVE.org)
- CVE-2026-40217 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Exploit, Mitigation, Third Party Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.