Aggregator

A vulnerability has been found in BerriAI litellm up to 1.82.2 and classified as critical. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2026-12774. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure.

vuldb.com

CVE-2026-12773 | BerriAI litellm up to 1.59.8 MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication

VulDB Recent Entries

1 week 1 day ago

A vulnerability, which was classified as critical, was found in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The identification of this vulnerability is CVE-2026-12773. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure.

vuldb.com

CVE-2026-12772 | BerriAI litellm up to 1.82.2 PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration (EUVD-2026-38138)

VulDB Recent Entries

1 week 1 day ago

A vulnerability, which was classified as critical, has been found in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. This vulnerability was named CVE-2026-12772. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure.

vuldb.com

CVE-2026-12771 | BerriAI litellm up to 1.82.2 M2M JWT user_api_key_auth.py improper authorization (EUVD-2026-38137)

VulDB Recent Entries

1 week 1 day ago

A vulnerability classified as critical was found in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2026-12771. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure.

vuldb.com

CVE-2026-12770 | BerriAI litellm up to 1.63.1 Admin Key key_management_endpoints.py improper authorization (ID 23781 / EUVD-2026-38136)

VulDB Recent Entries

1 week 1 day ago

A vulnerability classified as critical has been found in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. This vulnerability is handled as CVE-2026-12770. The attack can be initiated remotely. Additionally, an exploit exists. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure.

vuldb.com