PatchSiren cyber security CVE debrief

CVE-2026-47101 BerriAI CVE debrief

CVE-2026-47101 describes a privilege-escalation flaw in LiteLLM prior to 1.83.14. An authenticated internal_user could create an API key whose allowed_routes included routes outside their own permissions. Because those routes were stored without validating them against the creator’s authorization, the resulting key could be used to reach admin-only endpoints and bypass the RBAC checks that would normally block the request. The end result is escalation from internal_user to proxy_admin.

Vendor: BerriAI
Product: litellm
CVSS: HIGH 8.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-21
Original CVE updated: 2026-05-21
Advisory published: 2026-05-21
Advisory updated: 2026-05-21

Who should care

Administrators and security teams operating LiteLLM proxies, especially deployments that use internal_user accounts, route-scoped API keys, or RBAC to protect admin-only routes.

Technical summary

The issue is an authorization failure at API-key creation time. LiteLLM accepted an allowed_routes list for a newly generated key without checking whether the requested routes were actually permitted for the authenticated creator. That let a non-admin internal_user mint a key scoped to admin-only routes and then use that key to access those routes successfully. The weakness aligns with CWE-863 (incorrect authorization).

Defensive priority

High

Recommended defensive actions

  • Upgrade LiteLLM to 1.83.14-stable or later.
  • Revoke or rotate API keys created by internal_user accounts if their allowed_routes may have been overbroad.
  • Audit existing API keys for route scopes that include admin-only endpoints or otherwise exceed the creator’s permissions.
  • Review LiteLLM authorization logic around API-key generation to ensure route lists are validated against the caller’s privileges before storage.
  • Use the linked release and fix commits to confirm the deployed build includes the authorization patch.
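As an added illustration (not LiteLLM's own code), the check that the audit and review actions above call for, in Python: the routes requested at key-creation time are compared with the creator's own allowlist before anything is stored, and already-stored keys can be audited the same way. The role names and per-role route sets are constructed assumptions, not LiteLLM's real permission tables.

```python
# Illustrative scope check for the CVE-2026-47101 weakness class (CWE-863).
# Role names and route sets are constructed for this example only.
from dataclasses import dataclass, field

# Constructed per-role route allowlists (assumption, not LiteLLM's data).
ROLE_ROUTES = {
    "proxy_admin": {"/key/generate", "/key/info", "/user/new", "/model/new",
                    "/chat/completions"},
    "internal_user": {"/key/generate", "/key/info", "/chat/completions"},
}

@dataclass
class Caller:
    user_id: str
    role: str

@dataclass
class ApiKey:
    token: str
    created_by: str
    creator_role: str
    allowed_routes: list[str] = field(default_factory=list)

class RouteScopeError(PermissionError):
    """Raised when a caller asks for routes beyond their own authorization."""

def excess_routes(role: str, routes) -> list[str]:
    """Routes in `routes` that `role` itself is not permitted to reach."""
    return sorted(set(routes) - ROLE_ROUTES.get(role, set()))

def generate_key(caller: Caller, requested_routes, token: str) -> ApiKey:
    """Create a key only if every requested route lies within the creator's
    own permissions; this is the validation the pre-1.83.14 flow lacked."""
    excess = excess_routes(caller.role, requested_routes)
    if excess:
        raise RouteScopeError(
            f"{caller.user_id} ({caller.role}) may not grant {excess}")
    return ApiKey(token, caller.user_id, caller.role, list(requested_routes))

def audit_keys(keys) -> dict[str, list[str]]:
    """Map token -> overbroad routes for stored keys whose scope exceeds
    the creator's role; supports the audit and revocation actions above."""
    return {k.token: excess_routes(k.creator_role, k.allowed_routes)
            for k in keys if excess_routes(k.creator_role, k.allowed_routes)}
```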

Evidence notes

The supplied CVE description states that LiteLLM prior to 1.83.14 allowed an authenticated internal_user to create API keys with unauthorized routes, enabling escalation to proxy_admin. The NVD record is the source item and includes references to a GitHub gist disclosure, three LiteLLM commits, the v1.83.14-stable release, a Huntr bounty, and a VulnCheck advisory. The cited release tag supports 1.83.14 as the fixed version boundary.

Official resources

Public disclosure is anchored to the supplied CVE publication timestamp of 2026-05-21T21:16:32.413Z. The NVD record links the issue to a GitHub gist disclosure, LiteLLM commits, the v1.83.14-stable release, a Huntr bounty, and a VulnCheck advisory.