Between June and July 2026, over 20 distinct security advisories were published for the LITELLM library (a popular...
Between June and July 2026, over 20 distinct security advisories were published for the LITELLM library (a popular proxy for accessing LLM APIs) on the OSV database.
confidence score
Strong evidence: 2 independent source classes support this read.
signal brief
Between June and July 2026, over 20 distinct security advisories were published for the LITELLM library (a popular proxy for accessing LLM APIs) on the OSV database. The vulnerabilities include remote code execution (CVE-2024-6825, CVE-2024-5751, CVE-2026-42271), authentication bypass (CVE-2026-49468, CVE-2026-35030), SQL injection (CVE-2024-4890, CVE-2024-5225, CVE-2026-42208), server-side request forgery (CVE-2024-6587), privilege escalation (CVE-2026-35029), arbitrary file deletion (CVE-2024-4888), and API key leakage (CVE-2025-0330). The sheer volume and severity of these issues—spanning from June 16 to July 13, 2026—raise serious concerns about LITELLM's security posture and the safety of deploying it in production environments. Users relying on LITELLM to manage API access to models from OpenAI, Anthropic, and other providers may face increased risk of compromise, data exposure, and unauthorized access. This could erode trust in the tool and prompt enterprises to seek more secure alternatives.
What the sources said
- OSV advisory GHSA-4xpc-pv4p-pm3w (June 16): "LiteLLM: Authentication Bypass via Host Header Injection" (source).
- OSV advisory GHSA-53gh-p8jc-7rg8 (July 7): "LiteLLM Vulnerable to Remote Code Execution (RCE)" (source).
- OSV advisory GHSA-v4p8-mg3p-g94g (July 13): "LiteLLM: Authenticated command execution via MCP stdio test endpoints" (source).
- OSV advisory GHSA-qrc4-49gv-mv9m (July 13): "LiteLLM allows an authenticated internal_user to create API keys with access to routes that their role does not permit" (source).
source data used
“Library to easily interface with LLM API providers”
“Aliases: CVE-2026-49468, PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-4888, GHSA-3xr8-qfvj-9p9j Arbitrary file deletion in litellm”
“Aliases: CVE-2024-6825, GHSA-53gh-p8jc-7rg8 LiteLLM Vulnerable to Remote Code Execution (RCE)”
“Aliases: CVE-2024-4264, GHSA-7ggm-4rjg-594w litellm passes untrusted data to `eval` function without sanitization”
“Aliases: CVE-2025-0330, GHSA-879v-fggm-vxw2 LiteLLM Has a Leakage of Langfuse API Keys”
“Aliases: CVE-2024-4890, GHSA-8j42-pcfm-3467 SQL injection in litellm”
“Aliases: CVE-2024-8984, GHSA-fh2c-86xm-pm2x LiteLLM Vulnerable to Denial of Service (DoS) via Crafted HTTP Request”
“Aliases: CVE-2025-0628, GHSA-fjcf-3j3r-78rp LiteLLM Has an Improper Authorization Vulnerability”
“Aliases: CVE-2024-6587, GHSA-g26j-5385-hhw3 LiteLLM Server-Side Request Forgery (SSRF) vulnerability”
“Aliases: CVE-2024-9606, GHSA-g5pg-73fc-hjwq LiteLLM Reveals Portion of API Key via a Logging File”
“Aliases: CVE-2024-10188, GHSA-gw2q-qw9j-rgv7 LiteLLM Vulnerable to Denial of Service (DoS)”
“Aliases: CVE-2024-5225, GHSA-h6m6-jj8v-94jj SQL injection in litellm”
“Aliases: CVE-2024-5710, GHSA-qqcv-vg9f-5rr3 litellm vulnerable to improper access control in team management”
“Aliases: CVE-2026-35029, GHSA-53mr-6c8q-9789 LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint”
“Aliases: CVE-2026-47101, GHSA-qrc4-49gv-mv9m LiteLLM allows an authenticated internal_user to create API keys with access to routes that their role does not permit”
“Aliases: CVE-2026-42271, GHSA-v4p8-mg3p-g94g LiteLLM: Authenticated command execution via MCP stdio test endpoints”
“Aliases: CVE-2026-47102, GHSA-wpfp-gwwc-vwq6 LiteLLM allows a user to modify their own user_role via the /user/update endpoint”
“Aliases: CVE-2026-40217, GHSA-wxxx-gvqv-xp7p LiteLLM has a sandbox escape in custom-code guardrail”
“Aliases: CVE-2026-42203, GHSA-xqmj-j6mv-4862 LiteLLM: Server-Side Template Injection in /prompts/test endpoint”
“Aliases: CVE-2024-2952, GHSA-46cm-pfwv-cgf8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint”
“Aliases: CVE-2026-49468, GHSA-4xpc-pv4p-pm3w LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-5751, GHSA-gppg-gqw8-wh9g litellm vulnerable to remote code execution based on using eval unsafely”
“Aliases: CVE-2026-35030, GHSA-jjhc-v7c2-5hh6 LiteLLM: Authentication bypass via OIDC userinfo cache key collision”
“Aliases: CVE-2026-42208, GHSA-r75f-5x8p-qvmc LiteLLM has SQL Injection in Proxy API key verification”
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.