Multiple security advisories have been published for LiteLLM, an open-source library for interfacing with LLM API providers.
confidence score
Strong evidence: 2 independent source classes support this read.
signal brief
Multiple security advisories have been published for LiteLLM, an open-source library for interfacing with LLM API providers. The advisories cover five distinct weaknesses: authentication bypass via Host header injection (CVE-2026-49468), server-side template injection in the /completions endpoint (CVE-2024-2952), remote code execution through unsafe use of eval (CVE-2024-5751), authentication bypass via an OIDC userinfo cache key collision (CVE-2026-35030), and SQL injection in proxy API key verification (CVE-2026-42208). Two of the five carry 2024 CVE identifiers, so the PYSEC-2026 entries for them republish previously disclosed issues rather than report new ones. Three of the five are authentication failures in the proxy and the other two are code-injection bugs (template injection and unsafe eval), so a proxy reachable by untrusted clients is exposed to unauthorized API use, privilege escalation, and data exposure. The advisories were published on OSV.dev between June 16 and June 29, 2026. A new PyPI release, litellm 1.90.3, followed on July 3, 2026; the sources here do not state which versions fix each issue, so operators should compare their installed version against the affected ranges in each advisory rather than assume the latest release closes all five.
What the sources said:
- OSV advisory GHSA-4xpc-pv4p-pm3w: "LiteLLM: Authentication Bypass via Host Header Injection"
- OSV advisory PYSEC-2026-387: "LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint"
- OSV advisory PYSEC-2026-389: "litellm vulnerable to remote code execution based on using eval unsafely"
- OSV advisory PYSEC-2026-390: "LiteLLM: Authentication bypass via OIDC userinfo cache key collision"
- OSV advisory PYSEC-2026-391: "LiteLLM has SQL Injection in Proxy API key verification"
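As an added worked example (not code from this page or from the LiteLLM project), the following script performs the triage step the brief calls for: it reads advisory records in OSV's JSON shape and decides whether a given litellm version falls inside their affected ranges, honouring the `introduced` / `fixed` / `last_affected` event semantics. The records in `SAMPLE_RECORDS` are constructed with placeholder ids and invented ranges purely to exercise the range logic; the real ranges for the GHSA and PYSEC ids listed above must be fetched from OSV, which `fetch_record()` does over the network. The names `triage`, `is_affected`, `affected_intervals` and `installed_version` are this example's own.

```python
"""Offline triage: does an installed litellm version fall inside an OSV advisory's affected range?"""
import json
import re
import urllib.request
from importlib import metadata

# Real OSV endpoint for a single record; used only by fetch_record(), which the offline demo never calls.
OSV_VULN_URL = "https://api.osv.dev/v1/vulns/{vuln_id}"

try:  # full PEP 440 ordering when `packaging` is installed
    from packaging.version import Version as parse_version
except ImportError:  # fallback: compare the numeric dotted prefix only (no pre-release handling)
    def parse_version(text):
        return tuple(int(n) for n in re.findall(r"\d+", text.split("+", 1)[0]))


def affected_intervals(record, package="litellm", ecosystem="PyPI"):
    """Yield (introduced, end, end_inclusive) from the ECOSYSTEM/SEMVER ranges naming `package`.

    OSV events are ordered: an `introduced` opens an interval and the next `fixed` (exclusive)
    or `last_affected` (inclusive) closes it; an unclosed interval means no fix is recorded.
    """
    for aff in record.get("affected", []):
        pkg = aff.get("package", {})
        if pkg.get("name") != package or pkg.get("ecosystem") != ecosystem:
            continue
        for rng in aff.get("ranges", []):
            if rng.get("type") not in ("ECOSYSTEM", "SEMVER"):
                continue
            start = None
            for event in rng.get("events", []):
                if "introduced" in event:
                    start = event["introduced"]
                elif "fixed" in event and start is not None:
                    yield start, event["fixed"], False
                    start = None
                elif "last_affected" in event and start is not None:
                    yield start, event["last_affected"], True
                    start = None
            if start is not None:
                yield start, None, False


def is_affected(record, version, package="litellm", ecosystem="PyPI"):
    """True if `version` lies in any affected interval, or is listed explicitly under `versions`."""
    v = parse_version(version)
    for introduced, end, inclusive in affected_intervals(record, package, ecosystem):
        if v < parse_version(introduced):
            continue
        if end is None:  # no fix recorded: everything from `introduced` onward is affected
            return True
        e = parse_version(end)
        if v < e or (inclusive and v == e):
            return True
    return any(
        version in aff.get("versions", [])
        for aff in record.get("affected", [])
        if aff.get("package", {}).get("name") == package
    )


def triage(records, version):
    """Return the ids of the records whose affected ranges include `version`, in input order."""
    return [r["id"] for r in records if is_affected(r, version)]


def fetch_record(vuln_id, timeout=10):
    """Fetch one advisory from OSV over the network; pass the GHSA/PYSEC ids from this page here."""
    with urllib.request.urlopen(OSV_VULN_URL.format(vuln_id=vuln_id), timeout=timeout) as resp:
        return json.load(resp)


def installed_version(dist="litellm"):
    """Version of the installed distribution, or None when it is not installed."""
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None


# Constructed records with placeholder ids (NOT the real advisories on this page): the real
# affected ranges must come from fetch_record() or the OSV web pages.
SAMPLE_RECORDS = [
    {"id": "GHSA-EXAMPLE-0001", "summary": "constructed: all versions before 1.90.3",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "litellm"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "0"}, {"fixed": "1.90.3"}]}]}]},
    {"id": "GHSA-EXAMPLE-0002", "summary": "constructed: introduced in 1.80.0, no fix recorded",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "litellm"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "1.80.0"}]}]}]},
    {"id": "GHSA-EXAMPLE-0003", "summary": "constructed: 1.0.0 through 1.50.0 inclusive",
     "affected": [{"package": {"ecosystem": "PyPI", "name": "litellm"},
                   "ranges": [{"type": "ECOSYSTEM",
                               "events": [{"introduced": "1.0.0"}, {"last_affected": "1.50.0"}]}]}]},
]

if __name__ == "__main__":
    version = installed_version() or "1.90.2"  # constructed fallback when litellm is not installed
    print(version, "->", triage(SAMPLE_RECORDS, version) or "no sample record matches")
```

The open-ended interval case matters most here: an advisory whose range has an `introduced` event but no `fixed` event means every later release, including 1.90.3, is still affected until the record is updated, which is exactly the situation the brief leaves unresolved. For a live check without writing any range logic, OSV's `POST https://api.osv.dev/v1/query` with `{"version": "...", "package": {"name": "litellm", "ecosystem": "PyPI"}}` returns the matching records directly.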
source data used
“Library to easily interface with LLM API providers”
“Aliases: CVE-2026-49468, PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-2952, GHSA-46cm-pfwv-cgf8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint”
“Aliases: CVE-2026-49468, GHSA-4xpc-pv4p-pm3w LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-5751, GHSA-gppg-gqw8-wh9g litellm vulnerable to remote code execution based on using eval unsafely”
“Aliases: CVE-2026-35030, GHSA-jjhc-v7c2-5hh6 LiteLLM: Authentication bypass via OIDC userinfo cache key collision”
“Aliases: CVE-2026-42208, GHSA-r75f-5x8p-qvmc LiteLLM has SQL Injection in Proxy API key verification”
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.