signal brief
A security advisory (https://osv.dev/vulnerability/GHSA-wxxx-gvqv-xp7p) published on 2026-05-11 discloses a sandbox escape vulnerability in LiteLLM's custom-code guardrail, assigned CVE-2026-40217. The vulnerability could allow an attacker to bypass the sandbox restrictions placed on custom guardrail code, posing a significant risk to deployments that rely on custom-code guardrails. The advisory is a single source, but it is an official OSV entry with a CVE identifier. Although the advisory provides no exploit details or patch status, a sandbox escape in a security-critical component undermines trust in LiteLLM's isolation guarantees. Because LiteLLM is an AI gateway handling model access and spend tracking, a sandbox escape could lead to unauthorized model access or data leakage. The rapid release cadence (multiple versions in early June 2026) may indicate active development, but it could also signal rushed patches; no confirmed patch version is tied to this CVE. The signal is low confidence because it rests on a single-source advisory with no observed exploitation and no patch confirmation.
evidence
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.