CVE-2026-59822

BerriAI · LiteLLM

LiteLLM proxy server contains a critical authentication vulnerability that allows unauthenticated access to sensitive functions.

Executive summary

A critical authentication bypass vulnerability in LiteLLM prior to version 1.84.0 permits unauthenticated access to sensitive proxy server functions.

Vulnerability

The vulnerability involves improper authentication and missing capability checks (CWE-287, CWE-306) within the LiteLLM proxy server. This allows an unauthenticated remote attacker to interact with the API gateway without valid credentials.

Business impact

The lack of authentication on an AI gateway proxy can lead to unauthorized access to downstream LLM APIs, potentially resulting in significant financial costs, data exposure, or the misuse of sensitive model configurations. With a CVSS score of 8.8, this flaw constitutes a high-severity risk that could lead to full compromise of the gateway's intended access controls.

Remediation

Immediate Action: Update the LiteLLM deployment to version 1.84.0 or later to enforce proper authentication protocols.

Proactive Monitoring: Monitor proxy traffic and API call logs for unexpected patterns or requests originating from unauthorized or unknown IP addresses.

Compensating Controls: Implement network-level access controls, such as an IP allowlist or a WAF, to restrict access to the LiteLLM proxy instance until the patch is applied.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical nature of authentication in a proxy gateway, this vulnerability should be treated with extreme urgency. Organizations must update to version 1.84.0 immediately to prevent unauthorized access to their AI infrastructure.