2026-06-23 · LITELLM · security risk
severity: high · direction: down


LiteLLM, a popular open-source library for interfacing with LLM API providers, disclosed a high-severity security vulnerability: CVE-2026-49468, an authentication bypass via host header injection (source).

window: 14d · evidence: 1

signal brief

LiteLLM, a popular open-source library for interfacing with LLM API providers, disclosed a high-severity security vulnerability: CVE-2026-49468, an authentication bypass via host header injection (source). The advisory was published on June 16, 2026, alerting users to the risk. PyPI releases followed in quick succession (versions 1.84.9 through 1.90.0rc1 between June 17 and June 21, 2026, including 1.87.4, 1.89.2 and 1.90.0rc1), which suggests active development and may include a fix. However, the vulnerability undermines trust in the library's security posture, potentially driving users to alternative tools or delaying adoption in production environments. Given the severity and public disclosure, this is a negative signal for LiteLLM's reputation and developer ecosystem trust.
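The brief names the vulnerability class (host header injection leading to an authentication bypass) but not its mechanics. The generic defence for that class is to treat the `Host` header as untrusted client input and accept a request only when it names a configured host. The Python below is an added example of that allowlist check; it is not LiteLLM's code and not the fix for CVE-2026-49468, and the allowlist, the wildcard rule and the sample request headers are constructed for illustration.

```python
"""Host-header allowlist check: a generic defence against host header injection.

Added example, not LiteLLM's code and not the fix for CVE-2026-49468. The
allowlist and the sample request headers below are constructed for illustration.
"""
import re

# Host header grammar we accept: a DNS name (optional trailing dot) or a
# bracketed IPv6 literal, with an optional numeric port. Paths, userinfo,
# whitespace, CR/LF and anything else are rejected before any comparison.
_HOST_RE = re.compile(
    r"(?P<host>\[[0-9a-f:.]+\]|[a-z0-9](?:[a-z0-9.-]*[a-z0-9])?\.?)"
    r"(?::(?P<port>\d{1,5}))?"
)


def parse_host(host_header):
    """Return (host, port) with host lowercased and trailing dot dropped, or None."""
    if not isinstance(host_header, str):
        return None
    m = _HOST_RE.fullmatch(host_header.lower())   # fullmatch: no trailing-newline leniency
    if m is None:
        return None
    host = m.group("host").rstrip(".")
    port = m.group("port")
    if port is not None and not 0 < int(port) <= 65535:
        return None
    return host, port


def is_trusted_host(host_header, allowed_hosts):
    """True only if the Host header names one of the configured hosts.

    Allowlist entries are 'host' (any port) or 'host:port' (that port only);
    a leading '*.' matches subdomains but not the apex. An empty allowlist
    trusts nothing, which is the safe default when configuration is missing.
    """
    parsed = parse_host(host_header)
    if parsed is None:
        return False
    host, port = parsed
    for entry in allowed_hosts:
        wildcard = entry.startswith("*.")
        parsed_entry = parse_host(entry[2:] if wildcard else entry)
        if parsed_entry is None:
            continue                      # malformed allowlist entry never matches
        pat_host, pat_port = parsed_entry
        if pat_port is not None and pat_port != port:
            continue                      # entry pinned to a port the request did not use
        if wildcard:
            if host.endswith("." + pat_host):
                return True
        elif host == pat_host:
            return True
    return False


def host_check_status(headers, allowed_hosts):
    """Return 200 if the request's Host is trusted, else 400.

    headers is a list of (name, value) pairs so duplicates are visible.
    X-Forwarded-Host is deliberately ignored: only a trusted reverse proxy
    should rewrite Host, and the application must never let the client pick
    the value that authentication or callback logic relies on.
    """
    host_values = [v for k, v in headers if k.lower() == "host"]
    if len(host_values) != 1:             # missing or duplicated Host header
        return 400
    return 200 if is_trusted_host(host_values[0], allowed_hosts) else 400


# Constructed configuration and requests for the demonstration.
ALLOWED_HOSTS = ["api.example.test", "*.proxy.example.test", "[::1]:4000"]

SAMPLE_REQUESTS = [
    [("Host", "api.example.test")],                                          # 200
    [("Host", "API.EXAMPLE.TEST:443")],                                      # 200 (case, port)
    [("Host", "api.example.test.attacker.test")],                            # 400 (suffix trick)
    [("Host", "attacker.test"), ("X-Forwarded-Host", "api.example.test")],  # 400 (XFH ignored)
    [("Host", "api.example.test"), ("Host", "attacker.test")],              # 400 (duplicate)
    [("Host", "[::1]:4000")],                                                # 200
    [("Host", "[::1]:5000")],                                                # 400 (wrong port)
    [("Host", "sub.proxy.example.test")],                                    # 200 (wildcard)
    [("Host", "proxy.example.test")],                                        # 400 (apex)
]

if __name__ == "__main__":
    for headers in SAMPLE_REQUESTS:
        print(host_check_status(headers, ALLOWED_HOSTS), headers)
```

The check runs before any authentication or routing decision, and the allowlist is an explicit configuration value rather than something derived from the incoming request; a deployment that needs to accept any host should say so deliberately rather than by leaving the list empty.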

evidence

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.