A cluster of 15+ security advisories for LITELLM (CVE-2024-2952, CVE-2024-4264, CVE-2024-4888, CVE-2024-4890,...
A cluster of 15+ security advisories for LITELLM (CVE-2024-2952, CVE-2024-4264, CVE-2024-4888, CVE-2024-4890, CVE-2024-5225, CVE-2024-5710, CVE-2024-5751, CVE-2024-6587, CVE-2024-6825, CVE-2024-8984, CVE-2024-9606, CVE-2024-10188, CVE-2025-0330, CVE-2025-0628, CVE-2026-35030, CVE-2026-42208, CVE-2026-49468) were published between June 29 and July 8, 2026, on OSV.
confidence score
Strong evidence: 2 independent source classes support this read.
signal brief
A cluster of 15+ security advisories for LITELLM (CVE-2024-2952, CVE-2024-4264, CVE-2024-4888, CVE-2024-4890, CVE-2024-5225, CVE-2024-5710, CVE-2024-5751, CVE-2024-6587, CVE-2024-6825, CVE-2024-8984, CVE-2024-9606, CVE-2024-10188, CVE-2025-0330, CVE-2025-0628, CVE-2026-35030, CVE-2026-42208, CVE-2026-49468) were published between June 29 and July 8, 2026, on OSV. The vulnerabilities include Remote Code Execution (RCE), authentication bypass via host header injection, SQL injection, arbitrary file deletion, SSRF, DoS, leakage of API keys, improper authorization, and unsafe use of eval. These flaws affect LITELLM versions prior to the latest development release (1.93.0.dev1, published July 8). The simultaneous disclosure of multiple severe vulnerabilities indicates a systemic security weakness. Users are advised to upgrade immediately, but the rapid discovery chain may erode trust in LITELLM as a reliable proxy for LLM access. This is particularly damaging for enterprises relying on LITELLM for production workflows; adoption may slow as security reviews intensify.
What the sources said
- OSV advisory PYSEC-2026-1544: "SQL injection in litellm" (CVE-2024-4890).
- OSV advisory PYSEC-2026-1541: "LiteLLM Vulnerable to Remote Code Execution (RCE)" (CVE-2024-6825).
- OSV advisory PYSEC-2026-387: "LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint" (CVE-2024-2952).
- OSV advisory PYSEC-2026-390: "LiteLLM: Authentication bypass via OIDC userinfo cache key collision" (CVE-2026-35030).
source data used
“Library to easily interface with LLM API providers”
“Aliases: CVE-2026-49468, PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-4888, GHSA-3xr8-qfvj-9p9j Arbitrary file deletion in litellm”
“Aliases: CVE-2024-6825, GHSA-53gh-p8jc-7rg8 LiteLLM Vulnerable to Remote Code Execution (RCE)”
“Aliases: CVE-2024-4264, GHSA-7ggm-4rjg-594w litellm passes untrusted data to `eval` function without sanitization”
“Aliases: CVE-2025-0330, GHSA-879v-fggm-vxw2 LiteLLM Has a Leakage of Langfuse API Keys”
“Aliases: CVE-2024-4890, GHSA-8j42-pcfm-3467 SQL injection in litellm”
“Aliases: CVE-2024-8984, GHSA-fh2c-86xm-pm2x LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request”
“Aliases: CVE-2025-0628, GHSA-fjcf-3j3r-78rp LiteLLM Has an Improper Authorization Vulnerability”
“Aliases: CVE-2024-6587, GHSA-g26j-5385-hhw3 LiteLLM Server-Side Request Forgery (SSRF) vulnerability”
“Aliases: CVE-2024-9606, GHSA-g5pg-73fc-hjwq LiteLLM Reveals Portion of API Key via a Logging File”
“Aliases: CVE-2024-10188, GHSA-gw2q-qw9j-rgv7 LiteLLM Vulnerable to Denial of Service (DoS)”
“Aliases: CVE-2024-5225, GHSA-h6m6-jj8v-94jj SQL injection in litellm”
“Aliases: CVE-2024-5710, GHSA-qqcv-vg9f-5rr3 litellm vulnerable to improper access control in team management”
“Aliases: CVE-2024-2952, GHSA-46cm-pfwv-cgf8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint”
“Aliases: CVE-2026-49468, GHSA-4xpc-pv4p-pm3w LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-5751, GHSA-gppg-gqw8-wh9g litellm vulnerable to remote code execution based on using eval unsafely”
“Aliases: CVE-2026-35030, GHSA-jjhc-v7c2-5hh6 LiteLLM: Authentication bypass via OIDC userinfo cache key collision”
“Aliases: CVE-2026-42208, GHSA-r75f-5x8p-qvmc LiteLLM has SQL Injection in Proxy API key verification”
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.