← signals
2026-07-16·LITELLM·security risk
highdown

Between June and July 2026, over 20 distinct security advisories were published for the LITELLM library (a popular...

Between June and July 2026, over 20 distinct security advisories were published for the LITELLM library (a popular proxy for accessing LLM APIs) on the OSV database.

window 15devidence 25confidence score 100

confidence score

Strong evidence: 2 independent source classes support this read.

100
high confidence2 independent source classesotherpasses publish gate

signal brief

Between June and July 2026, over 20 distinct security advisories were published for the LITELLM library (a popular proxy for accessing LLM APIs) on the OSV database. The vulnerabilities include remote code execution (CVE-2024-6825, CVE-2024-5751, CVE-2026-42271), authentication bypass (CVE-2026-49468, CVE-2026-35030), SQL injection (CVE-2024-4890, CVE-2024-5225, CVE-2026-42208), server-side request forgery (CVE-2024-6587), privilege escalation (CVE-2026-35029), arbitrary file deletion (CVE-2024-4888), and API key leakage (CVE-2025-0330). The sheer volume and severity of these issues—spanning from June 16 to July 13, 2026—raise serious concerns about LITELLM's security posture and the safety of deploying it in production environments. Users relying on LITELLM to manage API access to models from OpenAI, Anthropic, and other providers may face increased risk of compromise, data exposure, and unauthorized access. This could erode trust in the tool and prompt enterprises to seek more secure alternatives.

What the sources said

  • OSV advisory GHSA-4xpc-pv4p-pm3w (June 16): "LiteLLM: Authentication Bypass via Host Header Injection" (source).
  • OSV advisory GHSA-53gh-p8jc-7rg8 (July 7): "LiteLLM Vulnerable to Remote Code Execution (RCE)" (source).
  • OSV advisory GHSA-v4p8-mg3p-g94g (July 13): "LiteLLM: Authenticated command execution via MCP stdio test endpoints" (source).
  • OSV advisory GHSA-qrc4-49gv-mv9m (July 13): "LiteLLM allows an authenticated internal_user to create API keys with access to routes that their role does not permit" (source).

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.