Privilege Escalation Vulnerability in LiteLLM by BerriAI
CVE-2026-47102

8.7 HIGH

Key Information:

Vendor: Berriai (BerriAI)
Status: Vendor
CVE Published: 21 May 2026

Badges

👾 Exploit Exists · 🟡 Public PoC

What is CVE-2026-47102?

LiteLLM versions before 1.83.10 allow a user to change their own user_role through the /user/update endpoint. The endpoint correctly restricts non-admin callers to updating their own account, but it does not restrict which fields of that account may be modified. A user who can reach the endpoint can therefore set their own role to proxy_admin and gain full administrative control of the LiteLLM deployment, including other users' data, team configuration, model access and prompt history. A user holding a legitimate lower-privilege role such as org_admin can exploit this directly, with no need to chain it with another vulnerability.
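The following is an added, self-contained model of the bug class described above, not LiteLLM's own /user/update handler. It shows the pre-fix logic (an ownership check with no field allowlist) beside a hardened version that limits non-admin callers to an allowlist of self-service fields, plus a small detection over constructed audit records. The User dataclass, SELF_SERVICE_FIELDS, the in-memory user table and the audit record shape are assumptions made for the example; only the endpoint path, the user_role field and the org_admin/proxy_admin role names come from the advisory.

```python
# Illustrative model of the CVE-2026-47102 bug class (hypothetical code, not
# LiteLLM's handler). Roles and field names mirror the advisory; the user table
# and audit record format are constructed for this example.
from dataclasses import dataclass, field

PROXY_ADMIN = "proxy_admin"
ORG_ADMIN = "org_admin"

# Assumed allowlist: fields a caller may change on their own record after the fix.
SELF_SERVICE_FIELDS = {"user_email", "metadata"}


class Forbidden(Exception):
    """Raised when the requester is not allowed to perform the update."""


@dataclass
class User:  # assumed shape of a stored user record
    user_id: str
    user_role: str
    user_email: str = ""
    metadata: dict = field(default_factory=dict)


def sample_db() -> dict:
    """Constructed user table: one proxy admin, one org admin."""
    return {
        "admin-1": User("admin-1", PROXY_ADMIN, "admin@example.invalid"),
        "org-1": User("org-1", ORG_ADMIN, "org@example.invalid"),
    }


def _resolve(db: dict, requester_id: str, payload: dict):
    """Shared lookup plus the 'self only' rule that both versions enforce."""
    requester = db[requester_id]
    target_id = payload.get("user_id", requester_id)
    if requester.user_role != PROXY_ADMIN and target_id != requester_id:
        raise Forbidden("non-admins may only update their own account")
    return requester, db[target_id]


def update_user_vulnerable(db: dict, requester_id: str, payload: dict) -> User:
    """Pre-fix behaviour: restricts WHOSE record is edited but not WHICH fields.
    Every known attribute in the payload, user_role included, is written through."""
    _, target = _resolve(db, requester_id, payload)
    for key, value in payload.items():
        if key != "user_id" and hasattr(target, key):
            setattr(target, key, value)
    return target


def update_user_fixed(db: dict, requester_id: str, payload: dict) -> User:
    """Hardened behaviour: non-admins may only touch SELF_SERVICE_FIELDS, so a
    role change needs a requester who is already proxy_admin."""
    requester, target = _resolve(db, requester_id, payload)
    if requester.user_role != PROXY_ADMIN:
        disallowed = set(payload) - SELF_SERVICE_FIELDS - {"user_id"}
        if disallowed:
            raise Forbidden(f"field(s) not self-editable: {sorted(disallowed)}")
    for key, value in payload.items():
        if key != "user_id" and hasattr(target, key):
            setattr(target, key, value)
    return target


def attempt(update_fn, db: dict, requester_id: str, payload: dict) -> tuple:
    """Run an update and report ('ok', resulting role) or ('forbidden', reason)."""
    try:
        return "ok", update_fn(db, requester_id, payload).user_role
    except Forbidden as exc:
        return "forbidden", str(exc)


def suspicious_role_updates(events: list) -> list:
    """Detection: /user/update calls where a non-proxy_admin requester sends
    user_role in the body. Each event is a constructed audit record (dict) with
    'id', 'path', 'requester_role' and 'body' keys."""
    return [
        e["id"] for e in events
        if e.get("path") == "/user/update"
        and e.get("requester_role") != PROXY_ADMIN
        and "user_role" in e.get("body", {})
    ]


if __name__ == "__main__":
    payload = {"user_role": PROXY_ADMIN}  # an org_admin promoting itself
    print("vulnerable:", attempt(update_user_vulnerable, sample_db(), "org-1", payload))
    print("fixed:     ", attempt(update_user_fixed, sample_db(), "org-1", payload))
```

The point the hardened version makes is that an ownership check alone is not an authorization check: the set of writable fields must be decided per role, and privilege-bearing fields such as user_role belong outside any self-service allowlist. The detection function is a coarse first pass; in a real deployment the same condition would be evaluated on the proxy's request logs, and the alert should include the requester's key or user id.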

Affected Version(s)

litellm, all versions before 1.83.10 (fixed in 1.83.10)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. It is also a key building block for weaponization, which can end in ransomware deployment.

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined (not recorded on this page; the description implies an authenticated, lower-privileged account)
User Interaction: None

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved

Credit

Fenix Qiao (aka 13ph03nix) from Obsidian Security.