PatchSiren cyber security CVE debrief
CVE-2026-59819 BerriAI CVE debrief
CVE-2026-59819 is a low-severity vulnerability in LiteLLM's proxy server. Prior to version 1.83.10-stable, the /health/test_connection endpoint could be exploited by a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. This issue is fixed in version 1.83.10-stable. The vulnerability class involves unauthorized file reads. The source confidence is high based on the CVE and NVD entries. LiteLLM users and administrators should be aware of the potential impact and ensure they are running version 1.83.10-stable or later to prevent potential file reads. The debrief is based on the supplied source corpus and aims to provide an executive overview of the vulnerability, its impact, and the recommended actions.
- Vendor
- BerriAI
- Product
- litellm
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-13
Who should care
LiteLLM users and administrators should be aware of this vulnerability and ensure they are running version 1.83.10-stable or later to prevent potential file reads. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the impact on their environments and take appropriate actions. Affected deployments should be identified, and owners should be assigned for follow-up. Compensating controls should be reviewed for exposed systems while remediation is scheduled and verified.
Technical summary
The vulnerability exists in the /health/test_connection endpoint of LiteLLM's proxy server. An attacker with the necessary permissions could craft a request that resolves environment and OIDC file references in litellm_params, potentially leading to unauthorized file reads. This issue allows a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. The vulnerability class involves unauthorized file reads, and the source confidence is high based on the CVE and NVD entries. LiteLLM users and administrators should be aware of the potential impact and ensure they are running version 1.83.10-stable or later to prevent potential file reads.
Defensive priority
Low-Medium
Recommended defensive actions
- Update LiteLLM to version 1.83.10-stable or later
- Restrict access to the /health/test_connection endpoint
- Monitor for suspicious activity
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
Evidence notes
The CVE record was published on 2026-07-08T20:16:57.277Z and last modified on 2026-07-13T13:20:24.483Z. The NVD entry is currently Analyzed. This vulnerability affects LiteLLM users and administrators who need to ensure they are running version 1.83.10-stable or later. The vulnerability allows a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. Evidence limits suggest verifying affected scope and vendor guidance. Defenders should verify the affected deployments, review compensating controls, and monitor for suspicious activity.
Official resources
-
CVE-2026-59819 CVE record
CVE.org
-
CVE-2026-59819 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Mitigation, Patch, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T20:16:57.277Z and has not been modified since then. The NVD entry is currently Analyzed.