PatchSiren cyber security CVE debrief
CVE-2026-59820 BerriAI CVE debrief
CVE-2026-59820 is a path traversal vulnerability in LiteLLM, a proxy server for LLM APIs. An authenticated user could upload a crafted skill archive to write to unintended directories. This issue allows attackers to potentially overwrite files outside the intended extraction or staging directory, posing a risk to the system's integrity. Users of LiteLLM, especially those with exposed LLM API routes, should verify their version and apply updates to prevent path traversal attacks.
- Vendor
- BerriAI
- Product
- litellm
- CVSS
- MEDIUM 6.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-13
Who should care
Users of LiteLLM, especially those with exposed LLM API routes or keys whose allowed_routes include /v1/skills, anthropic_routes, or llm_api_routes, should verify their version and apply updates to prevent path traversal attacks. This includes operators, platform administrators, vulnerability management teams, and security teams who need to ensure the system's integrity and protect against potential attacks.
Technical summary
LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives. This allowed an authenticated user with access to LiteLLM LLM API routes or a key whose allowed_routes includes /v1/skills, anthropic_routes, or llm_api_routes to upload a crafted skill archive containing path traversal entries that could be written outside the intended extraction or staging directory. The issue is fixed in version 1.83.7-stable, which includes improved validation and sanitization of file paths.
Defensive priority
Medium priority due to the need for authentication and specific route access. However, defenders should be cautious as the vulnerability could lead to integrity issues if exploited.
Recommended defensive actions
- Verify LiteLLM version and upgrade to 1.83.7-stable or later
- Restrict access to LLM API routes and /v1/skills
- Monitor for suspicious skill archive uploads
- Implement additional input validation and sanitization
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-08T20:16:57.413Z and was last modified on 2026-07-13T13:23:26.020Z. The NVD entry is currently Analyzed. The vulnerability affects LiteLLM versions prior to 1.83.7-stable. Evidence limits suggest that defenders verify their LiteLLM version and apply updates to prevent path traversal attacks.
Official resources
-
CVE-2026-59820 CVE record
CVE.org
-
CVE-2026-59820 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Patch
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Mitigation, Patch, Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T20:16:57.413Z and has not been modified since then. The NVD entry is currently Analyzed.