2026-06-26·LITELLM·security risk
med·down

A security vulnerability (CVE-2026-49468) has been disclosed in LiteLLM, an open-source library for interfacing with large language model APIs.

window 10d · evidence 1

signal brief

A security vulnerability (CVE-2026-49468) has been disclosed in LiteLLM, an open-source library for interfacing with large language model APIs. The flaw, reported on OSV, is an authentication bypass via host header injection. This could allow attackers to bypass authentication mechanisms and gain unauthorized access to systems using LiteLLM. The advisory is assigned GitHub Advisory ID GHSA-4xpc-pv4p-pm3w. The vulnerability impacts users of LiteLLM versions prior to the patched release. Exploitation could lead to unauthorized API usage, data exposure, or further compromise. The disclosure is a clear negative signal for LiteLLM's security posture and user trust. No patches or mitigations are mentioned in the advisory, increasing the risk. This event is significant for AI infrastructure operators relying on LiteLLM for secure LLM access.

evidence
