← signals
2026-07-09·LITELLM·security risk
highdown

On July 7-8, 2026, a series of OSV advisories were published detailing multiple critical vulnerabilities in LITELLM, an...

On July 7-8, 2026, a series of OSV advisories were published detailing multiple critical vulnerabilities in LITELLM, an open-source LLM API proxy.

window 15devidence 19confidence score 100

confidence score

Strong evidence: 2 independent source classes support this read.

100
high confidence2 independent source classesotherpasses publish gate

signal brief

On July 7-8, 2026, a series of OSV advisories were published detailing multiple critical vulnerabilities in LITELLM, an open-source LLM API proxy. These include Remote Code Execution (CVE-2024-6825, CVE-2024-5751), SQL injection (CVE-2024-4890, CVE-2024-5225), authentication bypass (CVE-2026-49468, CVE-2026-35030), arbitrary file deletion (CVE-2024-4888), SSRF (CVE-2024-6587), improper authorization (CVE-2025-0628), and denial-of-service (CVE-2024-8984, CVE-2024-10188). The breadth and severity of these flaws severely undermine LITELLM's security posture, likely eroding developer trust and adoption, especially in production environments. A new release (1.92.0rc2) was published on PyPI on July 8, but it is unclear if it addresses all vulnerabilities.

What the sources said:

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.