2026-06-19·LITELLM·security risk
med·down

A security advisory has been published for LiteLLM, detailing an authentication bypass via host header injection (CVE-2026-49468, OSV advisory).

window 10d·evidence 2

signal brief

A security advisory has been published for LiteLLM, detailing an authentication bypass via host header injection (CVE-2026-49468, OSV advisory). This vulnerability could allow attackers to bypass authentication mechanisms in the LLM gateway, potentially leading to unauthorized access and misuse of the proxy service. Following the advisory on June 16, 2026, LiteLLM released multiple PyPI versions (1.89.1, 1.89.2, and 1.88.3) within days (PyPI releases), likely indicating patching efforts. However, the existence of a high-severity authentication bypass undermines trust in the security posture of LiteLLM, especially for enterprises relying on its proxy for model access and spend tracking. The direction of this signal is negative, as the vulnerability may lead to loss of customer confidence and potential security incidents.

evidence

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.