These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-49468 is a critical vulnerability in the LiteLLM proxy server, which acts as an AI gateway for calling LLM APIs in the OpenAI or native provider format. The vulnerability has a CVSS score of 9.5 and was published on June 22, 2026. It is fixed in LiteLLM version 1.84.0, and users of affected versions should upgrade to 1.84.0 to mitigate it. The CVE record and NVD detail provide further informa [truncated]
CVE-2026-12799 is a low-severity vulnerability in BerriAI's litellm, affecting versions up to 1.82.2. The issue lies in the ui_view_users function within litellm/proxy/management_endpoints/internal_user_endpoints.py and stems from an incomplete fix for CVE-2025-0628. It results in improper authorization and can be exploited remotely. The exploit has been publicly disclosed. Defenders should asse [truncated]
CVE-2026-12798 is a low-severity server-side request forgery vulnerability in BerriAI litellm up to 1.82.2. The issue affects the load_openapi_spec_async function in litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py. Attackers can initiate the attack remotely by manipulating the spec_path argument. The CVSS score is 2.1. The vendor was contacted early about this disclosure. Limited exploi [truncated]
CVE-2026-12797 is a low-severity security flaw in BerriAI litellm versions up to 1.82.5. The vulnerability affects the Completions Interface, specifically the async_pre_call_hook function in banned_keywords.py, and results in incorrect authorization that can be exploited remotely. Although the exploit has been publicly released, the CVSS score is 2.1, indicating low severity. Defenders should as [truncated]
CVE-2026-12795 is a vulnerability in BerriAI litellm versions up to 1.82.2. The issue affects the SSO Debug Flow, specifically the json.dumps call in litellm/proxy/management_endpoints/ui_sso.py, and can lead to missing authentication. The vulnerability has a CVSS score of 5.5, indicating medium severity. The attack can be executed remotely, and the exploit has been publicly disclosed. [truncated]
CVE-2026-12774 is a server-side request forgery vulnerability in BerriAI litellm up to version 1.82.2. It affects the _execute_with_mcp_client function in litellm/proxy/_experimental/mcp_server/rest_endpoints.py, part of the MCP Server Connection Testing component. The vulnerability can be exploited remotely, and the exploit has been publicly disclose [truncated]
CVE-2026-12771 is a vulnerability in BerriAI litellm up to 1.82.2. The issue affects an unknown function in litellm/proxy/auth/user_api_key_auth.py within the M2M JWT Handler component, leading to improper authorization. It can be exploited remotely, but attack complexity is high and exploitation is difficult. The CVSS score is 1.3, indicating LOW severity. Defenders should assess their exp [truncated]
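The two SSRF entries above (CVE-2026-12798 via the spec_path argument and CVE-2026-12774 in MCP server connection testing) share one root cause: the proxy fetches a location the caller controls. The following is an added example, not LiteLLM's code, of the validation a proxy should apply before fetching such a location; the function name validate_spec_url, the blocked-hostname list and the constructed sample URLs are assumptions for illustration.

```python
"""SSRF guard for a caller-supplied spec or server URL (added example, not
LiteLLM's code; validate_spec_url and the constructed URLs are assumptions).

The check rejects anything that is not http(s), URLs carrying credentials,
blocked hostnames, IP literals in non-public ranges (including IPv4-mapped
IPv6 forms) and numeric hosts that are not dotted quads, which some resolvers
silently turn into loopback. A hostname that passes here can still resolve to
an internal address, so the resolved IP must be pinned and re-checked with
_blocked_ip() at connection time; that step needs a network and is left out.
"""
import ipaddress
from typing import Union
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
BLOCKED_HOSTNAMES = {"localhost", "metadata.google.internal"}  # assumed list

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def _blocked_ip(ip: IPAddress) -> bool:
    """True for loopback, private, link-local, multicast, reserved or unspecified."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 must obey the IPv4 rules
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _looks_numeric(host: str) -> bool:
    """'2130706433', '127.1' or '0x7f.1' are not dotted quads but may resolve to 127.0.0.1."""
    labels = host.split(".")
    return all(l.isdigit() for l in labels) or any(l.lower().startswith("0x") for l in labels)


def validate_spec_url(url: str) -> tuple:
    """Return (ok, reason); ok is False for anything the proxy must not fetch."""
    try:
        parts = urlsplit(url)
    except ValueError as exc:  # e.g. unbalanced IPv6 brackets
        return False, f"unparseable url: {exc}"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme or '<none>'}"
    if parts.username or parts.password:
        return False, "credentials in url"
    host = parts.hostname
    if not host:
        return False, "missing host"
    host = host.lower().rstrip(".")
    if host in BLOCKED_HOSTNAMES:
        return False, f"blocked hostname: {host}"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        if _looks_numeric(host):
            return False, f"ambiguous numeric host: {host}"
        return True, "hostname ok; pin and re-check the resolved address"
    if _blocked_ip(ip):
        return False, f"non-public address: {ip}"
    return True, "public ip literal ok"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any advisory.
    for sample in ["https://api.example.com/openapi.json",
                   "http://169.254.169.254/latest/meta-data/",
                   "http://[::ffff:127.0.0.1]/",
                   "file:///etc/passwd",
                   "http://2130706433/"]:
        print(sample, validate_spec_url(sample))
```

The function is deliberately a pre-fetch filter only: because a public-looking hostname can resolve to an internal address (or change between checks), the HTTP client must connect to an address that was resolved once and passed through the same _blocked_ip() test, rather than resolving the hostname again on its own.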
CVE-2026-12770 is a low-severity vulnerability (CVSS Score: 2.1) affecting BerriAI litellm versions up to 1.63.1. The issue lies in the Admin Key Handler component, specifically in the file litellm/proxy/management_endpoints/key_management_endpoints.py, leading to improper authorization. The vulnerability can be exploited remotely, and a public exploit has been disclosed. Given the low severity and the ne [truncated]
A command injection vulnerability was discovered in BerriAI LiteLLM, a popular open-source library. This vulnerability, tracked as CVE-2026-42271, has a CVSS score of 8.7 and is classified as HIGH severity. The vulnerability was publicly disclosed on June 8, 2026, and added to the CISA Known Exploited Vulnerabilities (KEV) catalog on the same day, with a due date for mitigation set for June 22, 2026.
CVE-2026-47102 describes a broken access control issue in LiteLLM prior to 1.83.10. The /user/update endpoint restricts users to their own account, but it does not adequately restrict which fields can be modified, allowing a caller to change user_role to proxy_admin. That results in full administrative access to LiteLLM, including users, teams, keys, models, and prompt history. The issue is especially imp [truncated]
CVE-2026-47101 describes a privilege-escalation flaw in LiteLLM prior to 1.83.14. An authenticated internal_user could create an API key whose allowed_routes included routes outside their own permissions. Because those routes were stored without validating them against the creator’s authorization, the resulting key could be used to reach admin-only endpoints and bypass the RBAC checks that would normally [truncated]
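CVE-2026-47102 and CVE-2026-47101 are both missing authorization checks on write paths: one on which fields a user update may touch, the other on which routes a newly created key may carry. The following added example (not LiteLLM's code; the User, ApiKey, ROLE_ROUTES and SELF_UPDATABLE_FIELDS names and the route strings are assumptions for illustration) shows the two checks side by side.

```python
"""Field-level and route-level authorization checks (added example, not
LiteLLM's code). User, ApiKey, ROLE_ROUTES, SELF_UPDATABLE_FIELDS and the
route strings are assumptions chosen for illustration.

update_user(): restricting a caller to their own row is not enough; the
fields a non-admin may change are an explicit allowlist, so user_role cannot
be set to proxy_admin by its owner.
generate_key(): the allowed_routes requested for a new key must be a subset
of what the creating caller can already reach, otherwise the key escalates
past the caller's own RBAC.
"""
from dataclasses import dataclass, field, replace

PROXY_ADMIN = "proxy_admin"
INTERNAL_USER = "internal_user"

# Routes each role may call (constructed for the example).
ROLE_ROUTES = {
    PROXY_ADMIN: {"/user/update", "/key/generate", "/user/list", "/team/new", "/model/new"},
    INTERNAL_USER: {"/user/update", "/key/generate", "/chat/completions"},
}

# Fields a user may change on their own record. user_role is deliberately
# absent: only a proxy_admin may change it.
SELF_UPDATABLE_FIELDS = {"user_email", "user_alias", "metadata"}


@dataclass(frozen=True)
class User:
    user_id: str
    user_role: str
    user_email: str = ""
    user_alias: str = ""
    metadata: dict = field(default_factory=dict)


@dataclass(frozen=True)
class ApiKey:
    owner_id: str
    allowed_routes: frozenset


class AuthorizationError(Exception):
    pass


def routes_for(user: User) -> set:
    return set(ROLE_ROUTES.get(user.user_role, ()))


def update_user(caller: User, target_id: str, patch: dict, users: dict) -> User:
    """Apply patch to users[target_id], enforcing who may change which fields."""
    if target_id not in users:
        raise KeyError(target_id)
    if caller.user_role != PROXY_ADMIN:
        if caller.user_id != target_id:
            raise AuthorizationError("may only update own account")
        disallowed = set(patch) - SELF_UPDATABLE_FIELDS
        if disallowed:
            # Reject rather than silently drop, so the caller cannot probe
            # which fields are mass-assignable.
            raise AuthorizationError(f"fields not self-updatable: {sorted(disallowed)}")
    unknown = set(patch) - (set(User.__dataclass_fields__) - {"user_id"})
    if unknown:
        raise ValueError(f"unknown fields: {sorted(unknown)}")
    users[target_id] = replace(users[target_id], **patch)
    return users[target_id]


def generate_key(caller: User, requested_routes) -> ApiKey:
    """Mint a key whose allowed_routes never exceed the caller's own routes."""
    excess = set(requested_routes) - routes_for(caller)
    if excess:
        raise AuthorizationError(f"caller cannot delegate routes: {sorted(excess)}")
    return ApiKey(owner_id=caller.user_id, allowed_routes=frozenset(requested_routes))


def key_may_call(key: ApiKey, route: str) -> bool:
    return route in key.allowed_routes


def is_rejected(fn, *args, **kwargs) -> bool:
    """True when fn raises AuthorizationError; used to show the blocked paths."""
    try:
        fn(*args, **kwargs)
    except AuthorizationError:
        return True
    return False


if __name__ == "__main__":
    # Constructed users, not taken from any advisory.
    users = {"alice": User("alice", INTERNAL_USER, "alice@example.com"),
             "root": User("root", PROXY_ADMIN)}
    alice = users["alice"]
    print("self-escalation via user_role rejected:",
          is_rejected(update_user, alice, "alice", {"user_role": PROXY_ADMIN}, users))
    print("over-broad allowed_routes rejected:",
          is_rejected(generate_key, alice, {"/chat/completions", "/user/list"}))
```

The subset check in generate_key() is what makes delegated keys safe: a key can only ever narrow the creator's access, never widen it, so an internal_user cannot mint a key that reaches admin-only routes regardless of what the request body contains.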
CVE-2026-42208 is a SQL injection vulnerability affecting BerriAI LiteLLM. CISA added it to the Known Exploited Vulnerabilities catalog on 2026-05-08 and set a remediation due date of 2026-05-11. In practical terms, this means defenders should treat it as an actively exploited issue and move quickly on vendor guidance, compensating controls, or removal where mitigation is not available.