2026-06-27·LITELLM·security risk
meddown


A security vulnerability has been disclosed in LiteLLM, a popular library for interfacing with LLM API providers: CVE-2026-49468, an authentication bypass via Host header injection (OSV advisory).

window: 30d · evidence: 2

signal brief

A security vulnerability has been disclosed in LiteLLM, a popular library for interfacing with LLM API providers: CVE-2026-49468, an authentication bypass via Host header injection (OSV advisory). The vulnerability could allow an attacker to bypass authentication mechanisms by manipulating the HTTP Host header. This poses a risk to applications that use LiteLLM for API routing and authentication. The library's latest PyPI release (1.90.0) is dated June 27, 2026 (PyPI release), but it is unclear whether this version includes a fix. The disclosure may reduce trust in the library's security posture and prompt users to seek alternatives or delay upgrades, negatively affecting adoption and community confidence in the short to medium term.
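The brief names the vulnerability class (an auth bypass reached through the HTTP Host header) but not its mechanism, and this page does not describe LiteLLM's code or its fix. As an added, generic illustration of the standard mitigation for that class, the block below validates the request's Host header against a configured allowlist before any decision that depends on it, and only honours X-Forwarded-Host when the deployment explicitly declares a trusted reverse proxy. It is example code written for this page, not LiteLLM's implementation and not a description of CVE-2026-49468; the allowlist entries, header values and function names (parse_host, host_allowed, check_request) are constructed for the example.

```python
"""Generic Host header allowlisting (added example; not LiteLLM's code).

The point a practitioner wants: never let an attacker-supplied Host (or
X-Forwarded-Host) value feed routing, URL generation or authentication
logic until it has been matched against hosts the operator configured.
"""
import re
from typing import Iterable, Mapping, Optional, Tuple

# DNS hostname or bracketed IPv6 literal, with an optional port. Anything
# else (userinfo, paths, whitespace, control characters) is rejected outright.
_HOST_RE = re.compile(
    r"^(?P<host>[a-z0-9.\-]+|\[[a-f0-9]*:[a-f0-9.:]+\])(?::(?P<port>[0-9]{1,5}))?$"
)

# Constructed allowlist for the example. A leading dot allows subdomains.
ALLOWED_HOSTS = ["api.example.internal", "localhost", ".svc.example.internal"]


def parse_host(value: Optional[str]) -> Optional[str]:
    """Return the lowercase hostname part of a Host value, or None if malformed."""
    if value is None:
        return None
    match = _HOST_RE.match(value.strip().lower())
    if match is None:
        return None
    port = match.group("port")
    if port is not None and int(port) > 65535:
        return None
    # A trailing dot is a valid FQDN spelling; normalise it away before matching.
    return match.group("host").rstrip(".")


def host_allowed(value: Optional[str], allowed: Iterable[str]) -> bool:
    """True only if the Host value parses cleanly and matches an allowlist entry."""
    host = parse_host(value)
    if host is None:
        return False
    for pattern in allowed:
        pattern = pattern.lower()
        if pattern.startswith("."):
            # ".svc.example.internal" matches the apex and any subdomain.
            if host == pattern[1:] or host.endswith(pattern):
                return True
        elif host == pattern:
            return True
    return False


def effective_host(headers: Mapping[str, str], trust_forwarded: bool) -> Optional[str]:
    """Choose which header carries the client-facing host.

    X-Forwarded-Host is only meaningful when a trusted proxy sets it; when the
    app is reachable directly, honouring it lets a client choose its own host.
    """
    if trust_forwarded and "x-forwarded-host" in headers:
        # Proxies may append values; the first is the original client-facing host.
        return headers["x-forwarded-host"].split(",")[0].strip()
    return headers.get("host")


def check_request(
    headers: Mapping[str, str],
    allowed: Iterable[str] = ALLOWED_HOSTS,
    trust_forwarded: bool = False,
) -> Tuple[bool, str]:
    """Gate to run before authentication or routing consults the host at all."""
    lowered = {k.lower(): v for k, v in headers.items()}
    raw = effective_host(lowered, trust_forwarded)
    if raw is None:
        return False, "missing Host header"
    if not host_allowed(raw, allowed):
        return False, f"Host {raw!r} not in allowlist"
    return True, "ok"


if __name__ == "__main__":
    # Constructed requests for the example.
    samples = [
        ({"Host": "api.example.internal"}, False),
        ({"Host": "API.example.internal:8080"}, False),
        ({"Host": "ingest.svc.example.internal"}, False),
        ({"Host": "attacker.example"}, False),
        ({"Host": "api.example.internal@attacker.example"}, False),
        ({"Host": "api.example.internal", "X-Forwarded-Host": "attacker.example"}, False),
        ({"Host": "api.example.internal", "X-Forwarded-Host": "attacker.example"}, True),
        ({}, False),
    ]
    for hdrs, trust in samples:
        print(trust, hdrs, "->", check_request(hdrs, trust_forwarded=trust))
```

The sixth and seventh sample requests are the same headers evaluated with and without a trusted proxy: with trust_forwarded=False the forwarded header is ignored and the request passes on its real Host; with trust_forwarded=True the forwarded value is the one validated and the request is rejected. Whichever framework is in use, the equivalent setting (an allowed-hosts list plus an explicit trusted-proxy declaration) should be configured rather than left at a permissive default.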

evidence

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.