← signals
2026-07-17·LITELLM·security risk
highdown

Between June 29 and July 17, 2026, 23 CVEs were published for LiteLLM, an open-source LLM API gateway, spanning RCE,...

Between June 29 and July 17, 2026, 23 CVEs were published for LiteLLM, an open-source LLM API gateway, spanning RCE, SQL injection, authentication bypass, sandbox escape, arbitrary file deletion, and API key leakage.

window 30devidence 24confidence score 100

confidence score

Strong evidence: 2 independent source classes support this read.

100
high confidence2 independent source classesotherpasses publish gate

signal brief

Between June 29 and July 17, 2026, 23 CVEs were published for LiteLLM, an open-source LLM API gateway, spanning RCE, SQL injection, authentication bypass, sandbox escape, arbitrary file deletion, and API key leakage. The severity is underscored by multiple remote code execution advisories (PYSEC-2026-1541, PYSEC-2026-389, PYSEC-2026-1552) and a high-speed disclosure of privilege escalation (e.g., PYSEC-2026-2597, PYSEC-2026-2600). This volume of critical flaws in a short period signals significant security hygiene issues. Enterprises using LiteLLM in production face urgent patching pressure and potential trust erosion. The publication of a dev release (1.94.0.dev3) on July 17 suggests ongoing remediation, but the backlog of unpatched vulnerabilities poses immediate operational risk.

What the sources said:

  • OSV advisory PYSEC-2026-1541: "LiteLLM Vulnerable to Remote Code Execution (RCE)" (https://osv.dev/vulnerability/PYSEC-2026-1541)
  • OSV advisory PYSEC-2026-2597: "LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint" (https://osv.dev/vulnerability/PYSEC-2026-2597)
  • OSV advisory PYSEC-2026-2601: "LiteLLM has a sandbox escape in custom-code guardrail" (https://osv.dev/vulnerability/PYSEC-2026-2601)
  • OSV advisory PYSEC-2026-388: "LiteLLM: Authentication Bypass via Host Header Injection" (https://osv.dev/vulnerability/PYSEC-2026-388)

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.