PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59819 BerriAI CVE debrief

CVE-2026-59819 is a low-severity vulnerability in LiteLLM's proxy server. Prior to version 1.83.10-stable, the /health/test_connection endpoint could be exploited by a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. This issue is fixed in version 1.83.10-stable. The vulnerability class involves unauthorized file reads. The source confidence is high based on the CVE and NVD entries. LiteLLM users and administrators should be aware of the potential impact and ensure they are running version 1.83.10-stable or later to prevent potential file reads. The debrief is based on the supplied source corpus and aims to provide an executive overview of the vulnerability, its impact, and the recommended actions.

Vendor
BerriAI
Product
litellm
CVSS
LOW 2.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-13
Advisory published
2026-07-08
Advisory updated
2026-07-13

Who should care

LiteLLM users and administrators should be aware of this vulnerability and ensure they are running version 1.83.10-stable or later to prevent potential file reads. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the impact on their environments and take appropriate actions. Affected deployments should be identified, and owners should be assigned for follow-up. Compensating controls should be reviewed for exposed systems while remediation is scheduled and verified.

Technical summary

The vulnerability exists in the /health/test_connection endpoint of LiteLLM's proxy server. An attacker with the necessary permissions could craft a request that resolves environment and OIDC file references in litellm_params, potentially leading to unauthorized file reads. This issue allows a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. The vulnerability class involves unauthorized file reads, and the source confidence is high based on the CVE and NVD entries. LiteLLM users and administrators should be aware of the potential impact and ensure they are running version 1.83.10-stable or later to prevent potential file reads.

Defensive priority

Low-Medium

Recommended defensive actions

  • Update LiteLLM to version 1.83.10-stable or later
  • Restrict access to the /health/test_connection endpoint
  • Monitor for suspicious activity
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review

Evidence notes

The CVE record was published on 2026-07-08T20:16:57.277Z and last modified on 2026-07-13T13:20:24.483Z. The NVD entry is currently Analyzed. This vulnerability affects LiteLLM users and administrators who need to ensure they are running version 1.83.10-stable or later. The vulnerability allows a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. Evidence limits suggest verifying affected scope and vendor guidance. Defenders should verify the affected deployments, review compensating controls, and monitor for suspicious activity.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T20:16:57.277Z and has not been modified since then. The NVD entry is currently Analyzed.