PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-59820 BerriAI CVE debrief

CVE-2026-59820 is a path traversal vulnerability in LiteLLM, a proxy server for LLM APIs. An authenticated user could upload a crafted skill archive to write to unintended directories. This issue allows attackers to potentially overwrite files outside the intended extraction or staging directory, posing a risk to the system's integrity. Users of LiteLLM, especially those with exposed LLM API routes, should verify their version and apply updates to prevent path traversal attacks.

Vendor
BerriAI
Product
litellm
CVSS
MEDIUM 6.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-08
Original CVE updated
2026-07-13
Advisory published
2026-07-08
Advisory updated
2026-07-13

Who should care

Users of LiteLLM, especially those with exposed LLM API routes or keys whose allowed_routes include /v1/skills, anthropic_routes, or llm_api_routes, should verify their version and apply updates to prevent path traversal attacks. This includes operators, platform administrators, vulnerability management teams, and security teams who need to ensure the system's integrity and protect against potential attacks.

Technical summary

LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives. This allowed an authenticated user with access to LiteLLM LLM API routes or a key whose allowed_routes includes /v1/skills, anthropic_routes, or llm_api_routes to upload a crafted skill archive containing path traversal entries that could be written outside the intended extraction or staging directory. The issue is fixed in version 1.83.7-stable, which includes improved validation and sanitization of file paths.

Defensive priority

Medium priority due to the need for authentication and specific route access. However, defenders should be cautious as the vulnerability could lead to integrity issues if exploited.

Recommended defensive actions

  • Verify LiteLLM version and upgrade to 1.83.7-stable or later
  • Restrict access to LLM API routes and /v1/skills
  • Monitor for suspicious skill archive uploads
  • Implement additional input validation and sanitization
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-08T20:16:57.413Z and was last modified on 2026-07-13T13:23:26.020Z. The NVD entry is currently Analyzed. The vulnerability affects LiteLLM versions prior to 1.83.7-stable. Evidence limits suggest that defenders verify their LiteLLM version and apply updates to prevent path traversal attacks.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T20:16:57.413Z and has not been modified since then. The NVD entry is currently Analyzed.