PatchSiren cyber security CVE debrief
CVE-2026-47102 BerriAI CVE debrief
CVE-2026-47102 describes a broken access control issue in LiteLLM prior to 1.83.10. The /user/update endpoint restricts users to their own account, but it does not adequately restrict which fields can be modified, allowing a caller to change user_role to proxy_admin. That results in full administrative access to LiteLLM, including users, teams, keys, models, and prompt history. The issue is especially important because users with the org_admin role can exploit it without chaining any additional flaw.
- Vendor: BerriAI
- Product: litellm
- CVSS: HIGH 8.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-21
- Original CVE updated: 2026-05-21
- Advisory published: 2026-05-21
- Advisory updated: 2026-05-21
Who should care
LiteLLM operators, especially teams exposing the /user/update endpoint, and any environment that uses org_admin or proxy_admin role separation. Security teams should prioritize this if LiteLLM is internet-facing or if administrative roles are delegated broadly.
Technical summary
According to the CVE description and NVD record, LiteLLM versions prior to 1.83.10 allow field-level authorization bypass on /user/update. The endpoint correctly limits the request to the caller's own account, but it fails to enforce an allowlist or denylist for mutable fields, so user_role can be set to proxy_admin. The weakness is classified as CWE-863 (Incorrect Authorization), and the impact is administrative takeover of the LiteLLM control plane.
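The following is an added illustration of the weakness class described above, written for this debrief; it is not LiteLLM's code and does not reproduce the project's handler. The handler names, the in-memory user table, the `internal_user` role value, and the `SELF_EDITABLE_FIELDS` allowlist are all assumptions. The vulnerable variant enforces only the ownership check (the caller may edit just their own record), so any field in the body, `user_role` included, is written; the hardened variant keeps the ownership check and adds a server-side field allowlist, with `user_role` writable only by a role-managing caller.

```python
# Added example for CVE-2026-47102's weakness pattern (CWE-863): ownership is
# checked but the set of mutable fields is not. Not LiteLLM's code; names and
# data below are constructed for illustration.
from copy import deepcopy

# Constructed in-memory user table standing in for the proxy's user store.
SEED_USERS = {
    "u-1001": {"user_id": "u-1001", "user_email": "alice@example.test", "user_role": "internal_user"},
    "u-2002": {"user_id": "u-2002", "user_email": "bob@example.test", "user_role": "org_admin"},
}

ROLE_MANAGING_ROLES = {"proxy_admin"}   # assumption: only these roles may write user_role
SELF_EDITABLE_FIELDS = {"user_email"}   # assumption: allowlist for self-service updates


class Forbidden(Exception):
    """Raised when the caller may not perform the requested update."""


def fresh_users():
    """Return a private copy of the seed table so each call starts clean."""
    return deepcopy(SEED_USERS)


def update_user_vulnerable(caller_id, body, users):
    """Ownership is enforced, field scope is not: every key in the body is
    written, so a caller can set user_role on their own record."""
    target_id = body.get("user_id", caller_id)
    if target_id != caller_id:
        raise Forbidden("callers may only update their own account")
    user = users[target_id]
    for field, value in body.items():
        if field != "user_id":
            user[field] = value          # no allowlist: user_role is writable here
    return user


def update_user_hardened(caller_id, body, users):
    """Ownership check plus a server-side allowlist of mutable fields.
    Role fields are accepted only from a role-managing caller."""
    target_id = body.get("user_id", caller_id)
    can_manage_roles = users[caller_id]["user_role"] in ROLE_MANAGING_ROLES
    if target_id != caller_id and not can_manage_roles:
        raise Forbidden("callers may only update their own account")
    requested = set(body) - {"user_id"}
    allowed = set(SELF_EDITABLE_FIELDS) | ({"user_role"} if can_manage_roles else set())
    rejected = requested - allowed
    if rejected:
        # Reject the whole request rather than silently dropping fields, so
        # clients and audit logs see that a disallowed field was attempted.
        raise Forbidden(f"fields not permitted for this caller: {sorted(rejected)}")
    user = users[target_id]
    for field in requested:
        user[field] = body[field]
    return user


def resulting_role(update_fn, caller_id, body):
    """Apply one update to a fresh table and report the target's role afterwards,
    or 'forbidden' if the handler rejected the request."""
    users = fresh_users()
    try:
        update_fn(caller_id, body, users)
    except Forbidden:
        return "forbidden"
    return users[body.get("user_id", caller_id)]["user_role"]


if __name__ == "__main__":
    self_role_change = {"user_id": "u-2002", "user_role": "proxy_admin"}
    print("vulnerable handler:", resulting_role(update_user_vulnerable, "u-2002", self_role_change))
    print("hardened handler:  ", resulting_role(update_user_hardened, "u-2002", self_role_change))
```

The design point is that the allowlist is computed on the server from the caller's role, not from anything in the request, and that a request carrying a disallowed field fails outright instead of being partially applied.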
Defensive priority
High. This is a direct privilege-escalation path to full administrative control, with high confidentiality, integrity, and availability impact. If the endpoint is reachable by authenticated users, remediation should be treated as urgent.
Recommended defensive actions
- Upgrade LiteLLM to 1.83.10-stable or later.
- Review /user/update for server-side field allowlisting and verify role fields cannot be modified by non-privileged users.
- Audit existing accounts for unexpected user_role changes, especially proxy_admin assignments.
- Check logs for suspicious /user/update activity and any changes to users, teams, keys, models, or prompt history.
- If misuse is suspected, review exposed administrative data and rotate or reissue sensitive credentials and keys as appropriate.
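To support the audit and log-review actions above, here is an added detection example written for this debrief, not tooling from the advisory or from LiteLLM. It runs over constructed JSON access-log lines; the log layout and the field names (`path`, `caller_id`, `caller_role`, `body`) are assumptions and need mapping to whatever your proxy or gateway actually records. It flags `/user/update` requests that carry a role field, rates them by whether the caller could legitimately manage roles and whether the target role is privileged, and separately reports any caller whose observed role changed over the course of the log.

```python
# Added example: spot /user/update requests that touch user_role, and callers
# whose role drifts during the log window. Log format and field names are
# assumptions constructed for this example.
import json

# Constructed sample lines (one JSON object per line, plus one junk line).
SAMPLE_LOG = """\
{"ts":"2026-05-21T10:00:01Z","method":"POST","path":"/user/update","caller_id":"u-2002","caller_role":"org_admin","body":{"user_id":"u-2002","user_email":"bob@example.test"},"status":200}
{"ts":"2026-05-21T10:02:14Z","method":"POST","path":"/user/update","caller_id":"u-2002","caller_role":"org_admin","body":{"user_id":"u-2002","user_role":"proxy_admin"},"status":200}
{"ts":"2026-05-21T10:03:40Z","method":"POST","path":"/user/update","caller_id":"u-0001","caller_role":"proxy_admin","body":{"user_id":"u-3003","user_role":"internal_user"},"status":200}
{"ts":"2026-05-21T10:05:09Z","method":"POST","path":"/key/generate","caller_id":"u-2002","caller_role":"proxy_admin","body":{},"status":200}
not json at all
"""

ROLE_FIELDS = {"user_role"}            # body keys that change authorization
PRIVILEGED_ROLES = {"proxy_admin"}     # roles whose assignment is always notable
ROLE_MANAGING_ROLES = {"proxy_admin"}  # assumption: roles allowed to set user_role


def parse_lines(text):
    """Yield parsed events, skipping blank or malformed lines."""
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            yield json.loads(raw)
        except json.JSONDecodeError:
            continue


def find_role_changes(text):
    """Return findings for /user/update events whose body sets a role field."""
    findings = []
    for ev in parse_lines(text):
        if ev.get("path") != "/user/update":
            continue
        body = ev.get("body") or {}
        touched = ROLE_FIELDS & set(body)
        if not touched:
            continue
        severity, reasons = "info", []
        if ev.get("caller_role") not in ROLE_MANAGING_ROLES:
            severity = "high"
            reasons.append("role field set by a caller that should not manage roles")
        if body.get("user_role") in PRIVILEGED_ROLES:
            severity = "high"
            reasons.append("target role is privileged")
        if body.get("user_id") == ev.get("caller_id"):
            reasons.append("caller modified their own record")
        findings.append({
            "ts": ev.get("ts"),
            "caller_id": ev.get("caller_id"),
            "target_id": body.get("user_id"),
            "new_role": body.get("user_role"),
            "severity": severity,
            "reasons": reasons,
        })
    return findings


def find_role_drift(text):
    """Map caller_id -> sorted roles observed, for callers seen with more than
    one role; a jump to proxy_admin mid-log is worth a closer look."""
    seen = {}
    for ev in parse_lines(text):
        if "caller_id" in ev and "caller_role" in ev:
            seen.setdefault(ev["caller_id"], set()).add(ev["caller_role"])
    return {cid: sorted(roles) for cid, roles in seen.items() if len(roles) > 1}


if __name__ == "__main__":
    for f in find_role_changes(SAMPLE_LOG):
        print(f["severity"], f["ts"], f["caller_id"], "->", f["target_id"], f["new_role"], f["reasons"])
    print("role drift:", find_role_drift(SAMPLE_LOG))
```

Feed the real access log into `find_role_changes` and `find_role_drift` once the field names are mapped; the high-severity findings are the candidates for the account review and credential rotation steps listed above.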
Evidence notes
The source set includes the NVD CVE record, which states the issue affects LiteLLM prior to 1.83.10 and maps it to CWE-863. The linked references include a Huntr bounty page, a VulnCheck advisory, two GitHub commits, a pull request, and the v1.83.10-stable release, which together indicate a public disclosure and associated fix trail. The CVSS vector in the record shows network reachability with low privileges and no user interaction, consistent with the described role-escalation path.
Official resources
Publicly recorded on 2026-05-21 in the CVE/NVD source set, with disclosure references pointing to Huntr, VulnCheck, GitHub commits, a pull request, and the LiteLLM v1.83.10-stable release.