Privilege Escalation Vulnerability in LiteLLM by BerriAI
CVE-2026-47101
What is CVE-2026-47101?
CVE-2026-47101 is a privilege escalation vulnerability in LiteLLM, BerriAI's open-source LLM gateway (proxy) that fronts many language-model providers behind a single API. The flaw stems from the proxy's failure to adequately verify the caller's permissions when generating API keys: an authenticated internal user can create API keys that grant access to admin-only routes, bypassing the role-based access controls meant to restrict those routes by user role. An internal user can therefore escalate to the equivalent of a proxy admin, gaining full access to administrative functions and to the sensitive data they expose.
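The pattern described above, as an added example that is not LiteLLM's own code: a key-generation handler that authenticates the caller but never compares the caller's role with the privileges it requests for the new key, beside a hardened handler that refuses to mint a key more privileged than its creator. The role names, the route list and the permission model are assumptions made for this illustration.

```python
# Illustrative example, not LiteLLM's code. Role names, routes and the
# permission model below are assumptions chosen for this demonstration.
from dataclasses import dataclass, field

# Assumed role hierarchy: a higher rank means more privilege.
ROLE_RANK = {"internal_user": 1, "proxy_admin": 2}

# Assumed set of routes that only a proxy admin should be able to call.
ADMIN_ONLY_ROUTES = {"/user/new", "/key/list", "/config/update"}


class PrivilegeEscalation(PermissionError):
    """Raised when a caller asks for a key more privileged than itself."""


@dataclass
class Caller:
    user_id: str
    role: str


@dataclass
class ApiKey:
    owner: str
    role: str                                   # role the key acts as
    allowed_routes: set = field(default_factory=set)


def generate_key_vulnerable(caller: Caller, requested_role: str,
                            requested_routes: set) -> ApiKey:
    """Vulnerable pattern: authentication is checked, but the caller's own
    role is never compared with the privileges requested for the new key."""
    if not caller.user_id:
        raise PermissionError("unauthenticated")
    return ApiKey(owner=caller.user_id, role=requested_role,
                  allowed_routes=set(requested_routes))


def generate_key_hardened(caller: Caller, requested_role: str,
                          requested_routes: set) -> ApiKey:
    """Hardened pattern: a key can never carry more privilege than its creator."""
    if not caller.user_id:
        raise PermissionError("unauthenticated")
    caller_rank = ROLE_RANK.get(caller.role)
    requested_rank = ROLE_RANK.get(requested_role)
    if caller_rank is None or requested_rank is None:
        raise PrivilegeEscalation("unknown role")           # fail closed
    if requested_rank > caller_rank:
        raise PrivilegeEscalation(
            f"{caller.role} may not mint a {requested_role} key")
    if caller.role != "proxy_admin" and set(requested_routes) & ADMIN_ONLY_ROUTES:
        raise PrivilegeEscalation("non-admin may not grant admin-only routes")
    return ApiKey(owner=caller.user_id, role=requested_role,
                  allowed_routes=set(requested_routes))


def authorize(key: ApiKey, route: str) -> bool:
    """Check performed when the key is later presented on a request: admin-only
    routes are reachable by admin keys or by keys explicitly granted the route."""
    if route in ADMIN_ONLY_ROUTES:
        return key.role == "proxy_admin" or route in key.allowed_routes
    return True


def hardened_allows(caller: Caller, requested_role: str,
                    requested_routes: set) -> bool:
    """True if the hardened handler would mint the requested key."""
    try:
        generate_key_hardened(caller, requested_role, requested_routes)
    except PermissionError:
        return False
    return True


if __name__ == "__main__":
    intern = Caller("user-1", "internal_user")
    # Escalation path: an internal user asks for a key that can reach /user/new.
    key = generate_key_vulnerable(intern, "internal_user", {"/user/new"})
    print("vulnerable handler grants /user/new:", authorize(key, "/user/new"))
    print("hardened handler grants it:",
          hardened_allows(intern, "internal_user", {"/user/new"}))
```

The point of the hardened version is that the check happens at key creation, not only at route dispatch: once a key exists with admin routes attached, every later authorization check will honour it, so the creator's role must bound the key's privileges.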
Potential impact of CVE-2026-47101
- Unauthorized Access: The primary risk is unauthorized access to administrative functionality and data. An internal user can exploit this vulnerability to obtain proxy-admin privileges and then change critical gateway settings and read confidential configuration.
- Data Breaches: Admin access to an LLM gateway exposes the provider API keys and secrets it holds, as well as the prompts and responses passing through it, which may contain personally identifiable information (PII), proprietary business information or intellectual property. Exposure of that data can cause significant reputational and financial harm.
- Increased Attack Surface: An easy path from internal user to admin lowers the bar for any follow-on attack. Once an attacker controls the gateway, further exploitation of the host or the services it connects to becomes possible, including the deployment of malware or ransomware.
Affected Version(s)
litellm 0
Exploit Proof of Concept (PoC)
Proof-of-concept (PoC) code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses.
3 weeks ago
References
CVSS V4
Timeline
- 📰 First article discovered by The Hacker News
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability reserved
