On July 7-8, 2026, a series of OSV advisories were published detailing multiple critical vulnerabilities in LITELLM, an...
On July 7-8, 2026, a series of OSV advisories were published detailing multiple critical vulnerabilities in LITELLM, an open-source LLM API proxy.
confidence score
Strong evidence: 2 independent source classes support this read.
signal brief
On July 7-8, 2026, a series of OSV advisories were published detailing multiple critical vulnerabilities in LITELLM, an open-source LLM API proxy. These include Remote Code Execution (CVE-2024-6825, CVE-2024-5751), SQL injection (CVE-2024-4890, CVE-2024-5225), authentication bypass (CVE-2026-49468, CVE-2026-35030), arbitrary file deletion (CVE-2024-4888), SSRF (CVE-2024-6587), improper authorization (CVE-2025-0628), and denial-of-service (CVE-2024-8984, CVE-2024-10188). The breadth and severity of these flaws severely undermine LITELLM's security posture, likely eroding developer trust and adoption, especially in production environments. A new release (1.92.0rc2) was published on PyPI on July 8, but it is unclear if it addresses all vulnerabilities.
What the sources said:
- OSV advisory PYSEC-2026-1541: "LiteLLM Vulnerable to Remote Code Execution (RCE)"
- OSV advisory PYSEC-2026-1540: "Arbitrary file deletion in litellm"
- OSV advisory PYSEC-2026-1548: "LiteLLM Reveals Portion of API Key via a Logging File"
- OSV advisory PYSEC-2026-1550: "SQL injection in litellm"
source data used
“Library to easily interface with LLM API providers”
“Aliases: CVE-2026-49468, PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-4888, GHSA-3xr8-qfvj-9p9j Arbitrary file deletion in litellm”
“Aliases: CVE-2024-6825, GHSA-53gh-p8jc-7rg8 LiteLLM Vulnerable to Remote Code Execution (RCE)”
“Aliases: CVE-2024-4264, GHSA-7ggm-4rjg-594w litellm passes untrusted data to `eval` function without sanitization”
“Aliases: CVE-2025-0330, GHSA-879v-fggm-vxw2 LiteLLM Has a Leakage of Langfuse API Keys”
“Aliases: CVE-2024-4890, GHSA-8j42-pcfm-3467 SQL injection in litellm”
“Aliases: CVE-2024-8984, GHSA-fh2c-86xm-pm2x LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request”
“Aliases: CVE-2025-0628, GHSA-fjcf-3j3r-78rp LiteLLM Has an Improper Authorization Vulnerability”
“Aliases: CVE-2024-6587, GHSA-g26j-5385-hhw3 LiteLLM Server-Side Request Forgery (SSRF) vulnerability”
“Aliases: CVE-2024-9606, GHSA-g5pg-73fc-hjwq LiteLLM Reveals Portion of API Key via a Logging File”
“Aliases: CVE-2024-10188, GHSA-gw2q-qw9j-rgv7 LiteLLM Vulnerable to Denial of Service (DoS)”
“Aliases: CVE-2024-5225, GHSA-h6m6-jj8v-94jj SQL injection in litellm”
“Aliases: CVE-2024-5710, GHSA-qqcv-vg9f-5rr3 litellm vulnerable to improper access control in team management”
“Aliases: CVE-2024-2952, GHSA-46cm-pfwv-cgf8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint”
“Aliases: CVE-2026-49468, GHSA-4xpc-pv4p-pm3w LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-5751, GHSA-gppg-gqw8-wh9g litellm vulnerable to remote code execution based on using eval unsafely”
“Aliases: CVE-2026-35030, GHSA-jjhc-v7c2-5hh6 LiteLLM: Authentication bypass via OIDC userinfo cache key collision”
“Aliases: CVE-2026-42208, GHSA-r75f-5x8p-qvmc LiteLLM has SQL Injection in Proxy API key verification”
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.