Remote Code Execution Vulnerability in LiteLLM by X41 DSec
CVE-2026-40217

8.8 HIGH

Key Information:

Vendor: Berriai

Status
Vendor
CVE Published: 10 April 2026

What is CVE-2026-40217?

LiteLLM, a product by X41 DSec, has a vulnerability that allows remote attackers to execute arbitrary code through bytecode rewriting at the specified URI. This flaw can lead to unauthorized actions being performed on the server, posing significant security risks. It is crucial for users to apply the necessary updates to mitigate this vulnerability.

Affected Version(s)

LiteLLM bb0639701796218a3447160e55c0f1097446e4e6085df7dfd39f476d4143743f

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
