Sources
LiteLLM Hit by CVSS 9.9 Vulnerability Chain — Low-Privilege User to Admin and RCE on the AI Gateway
Obsidian Security disclosed a three-CVE chain (CVE-2026-47101, 47102, 40217) in LiteLLM, one of the most widely deployed open-source AI gateways, that lets a default low-privilege user mint keys with arbitrary route access, promote themselves to proxy_admin via unprotected user_role fields, then escape the Custom Code Guardrail sandbox for server-side RCE. Any version below 1.83.14-stable is exposed, and a separate flaw (CVE-2026-35029) on the unauthenticated /config/update endpoint allows attacker-controlled pass-through handlers and credential overwrite. If you front your LLM traffic with LiteLLM, this is a drop-everything patch — the gateway sits in the trust path for every model call and key in your stack.
↳ Follow the thread