← signals
2026-07-14·LITELLM·security risk
highdown

A wave of critical security vulnerabilities has been disclosed for LiteLLM, an open-source LLM API proxy library,...

A wave of critical security vulnerabilities has been disclosed for LiteLLM, an open-source LLM API proxy library, primarily via OSV advisories between June 29 and July 13, 2026.

window 30devidence 25confidence score 100

confidence score

Strong evidence: 2 independent source classes support this read.

100
high confidence2 independent source classesotherpasses publish gate

signal brief

A wave of critical security vulnerabilities has been disclosed for LiteLLM, an open-source LLM API proxy library, primarily via OSV advisories between June 29 and July 13, 2026. The disclosed CVEs include remote code execution (CVE-2024-8984, CVE-2026-42271), SQL injection (CVE-2024-4890, CVE-2024-5225), authentication bypass via host header injection (CVE-2026-49468), privilege escalation (CVE-2026-35029), and sandbox escape in custom-code guardrails (CVE-2026-40217). These vulnerabilities affect critical security boundaries and could allow attackers to execute arbitrary code, access sensitive data, or escalate privileges. The concentration of disclosures suggests a systemic security review or researcher focus. For users relying on LiteLLM as a proxy gateway to LLM providers, these issues pose a direct trust and operational risk, potentially driving users to alternative solutions or requiring urgent patching. The library's PyPI release 1.92.0 (July 12) may or may not address these CVEs; the advisory dates indicate many were published after that release. The cumulative effect undermines LiteLLM's reliability in production AI infrastructure.

What the sources said:

  • "LiteLLM: Authentication Bypass via Host Header Injection" (OSV advisory GHSA-4xpc-pv4p-pm3w).
  • "LiteLLM Vulnerable to Remote Code Execution (RCE)" (OSV advisory PYSEC-2026-1541).
  • "LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint" (OSV advisory PYSEC-2026-2597).
  • "SQL injection in litellm" (OSV advisory PYSEC-2026-1544).

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.