Authorization Bypass Vulnerability in LiteLLM Proxy Server by BerriAI
CVE-2026-35029

8.7 HIGH

Key Information:

  • Vendor: Berriai
  • Status: Vendor
  • CVE Published: 6 April 2026

What is CVE-2026-35029?

LiteLLM's proxy server, an AI gateway that fronts LLM API calls, lacks an admin-role authorization check on its /config/update endpoint in versions before 1.83.0. Any authenticated user can therefore call the endpoint and modify the proxy configuration and environment variables. The consequences go well beyond configuration tampering: an attacker can obtain remote code execution by registering custom handlers that point at malicious Python code, read arbitrary files on the server by manipulating the UI_LOGO_PATH value, and take over accounts by overwriting critical environment variables such as UI_USERNAME and UI_PASSWORD. The issue is fixed in version 1.83.0.
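The following is an added illustration, not LiteLLM's own code: a minimal model of the authorization gap described above, with the pre-1.83.0 behaviour beside a hardened handler that enforces the admin role, plus a log check a defender can run to spot successful /config/update calls from non-admin keys. The role names, the log line format and the handler signatures are assumptions made for this example, not LiteLLM's API.

```python
from dataclasses import dataclass
import re


@dataclass
class Caller:
    key_id: str
    role: str  # assumed role names: "proxy_admin" or "internal_user"


def config_update_vulnerable(caller, payload: dict, state: dict) -> bool:
    """Pre-fix behaviour: being authenticated is the only check, so any
    caller can rewrite proxy config and environment variables."""
    if caller is None:
        return False
    state.update(payload)
    return True


def config_update_hardened(caller, payload: dict, state: dict) -> bool:
    """Fixed behaviour: the admin role is required before anything is
    written; a real handler would answer 403 instead of returning False."""
    if caller is None or caller.role != "proxy_admin":
        return False
    state.update(payload)
    return True


# Assumed access-log shape: "<ts> key=<id> role=<role> <METHOD> <path> <status>"
LOG_RE = re.compile(
    r"key=(?P<key>\S+) role=(?P<role>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})"
)


def suspicious_config_updates(log_lines):
    """Detection: return key ids that successfully hit /config/update
    without the admin role, the pattern an unpatched proxy would permit."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if m and m["path"].startswith("/config/update") \
                and m["role"] != "proxy_admin" and m["status"] == "200":
            hits.append(m["key"])
    return hits


SAMPLE_LOG = [  # constructed sample lines, not real proxy output
    "2026-04-06T10:00:01Z key=sk-admin1 role=proxy_admin POST /config/update 200",
    "2026-04-06T10:00:05Z key=sk-user42 role=internal_user POST /chat/completions 200",
    "2026-04-06T10:00:09Z key=sk-user42 role=internal_user POST /config/update 200",
]
```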

Affected Version(s)

litellm < 1.83.0

CVSS V4

  • Score: 8.7
  • Severity: HIGH
  • Confidentiality: High
  • Integrity: High
  • Availability: High
  • Attack Vector: Network
  • Attack Complexity: Low
  • Attack Requirements: None
  • Privileges Required: Undefined
  • User Interaction: None

Timeline

  • Vulnerability published
  • Vulnerability reserved