A series of security advisories published on OSV.dev from June 29 to July 7, 2026 reveal multiple critical...
A series of security advisories published on OSV.dev from June 29 to July 7, 2026 reveal multiple critical vulnerabilities in LiteLLM, an open-source library for interfacing with LLM APIs.
confidence score
Strong evidence: 2 independent source classes support this read.
signal brief
A series of security advisories published on OSV.dev from June 29 to July 7, 2026 reveal multiple critical vulnerabilities in LiteLLM, an open-source library for interfacing with LLM APIs. The vulnerabilities include Authentication Bypass via Host Header Injection (CVE-2026-49468), Remote Code Execution via unsanitized eval usage (CVE-2024-4264, CVE-2024-5751), SQL injection (CVE-2024-4890, CVE-2024-5225, CVE-2026-42208), arbitrary file deletion (CVE-2024-4888), Server-Side Request Forgery (CVE-2024-6587), Denial of Service (CVE-2024-8984, CVE-2024-10188), improper access control, and leakage of API keys. The breadth and severity of these issues pose a significant security risk to users and organizations relying on LiteLLM for production LLM workloads. Developers should urgently review advisories and apply patches.
What the sources said
- "LiteLLM: Authentication Bypass via Host Header Injection" (OSV advisory)
- "litellm passes untrusted data to
evalfunction without sanitization" (OSV advisory) - "LiteLLM Has a Leakage of Langfuse API Keys" (OSV advisory)
- "Multiple SQL injection vulnerabilities in litellm" (OSV advisory, OSV advisory)
source data used
“Library to easily interface with LLM API providers”
“Aliases: CVE-2026-49468, PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-4888, GHSA-3xr8-qfvj-9p9j Arbitrary file deletion in litellm”
“Aliases: CVE-2024-6825, GHSA-53gh-p8jc-7rg8 LiteLLM Vulnerable to Remote Code Execution (RCE)”
“Aliases: CVE-2024-4264, GHSA-7ggm-4rjg-594w litellm passes untrusted data to `eval` function without sanitization”
“Aliases: CVE-2025-0330, GHSA-879v-fggm-vxw2 LiteLLM Has a Leakage of Langfuse API Keys”
“Aliases: CVE-2024-4890, GHSA-8j42-pcfm-3467 SQL injection in litellm”
“Aliases: CVE-2024-8984, GHSA-fh2c-86xm-pm2x LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request”
“Aliases: CVE-2025-0628, GHSA-fjcf-3j3r-78rp LiteLLM Has an Improper Authorization Vulnerability”
“Aliases: CVE-2024-6587, GHSA-g26j-5385-hhw3 LiteLLM Server-Side Request Forgery (SSRF) vulnerability”
“Aliases: CVE-2024-9606, GHSA-g5pg-73fc-hjwq LiteLLM Reveals Portion of API Key via a Logging File”
“Aliases: CVE-2024-10188, GHSA-gw2q-qw9j-rgv7 LiteLLM Vulnerable to Denial of Service (DoS)”
“Aliases: CVE-2024-5225, GHSA-h6m6-jj8v-94jj SQL injection in litellm”
“Aliases: CVE-2024-5710, GHSA-qqcv-vg9f-5rr3 litellm vulnerable to improper access control in team management”
“Aliases: CVE-2024-2952, GHSA-46cm-pfwv-cgf8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint”
“Aliases: CVE-2026-49468, GHSA-4xpc-pv4p-pm3w LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-5751, GHSA-gppg-gqw8-wh9g litellm vulnerable to remote code execution based on using eval unsafely”
“Aliases: CVE-2026-35030, GHSA-jjhc-v7c2-5hh6 LiteLLM: Authentication bypass via OIDC userinfo cache key collision”
“Aliases: CVE-2026-42208, GHSA-r75f-5x8p-qvmc LiteLLM has SQL Injection in Proxy API key verification”
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.