← signals
2026-07-12·LITELLM·security risk
meddown

A series of security advisories published on the Open Source Vulnerabilities (OSV) database between June and July 2026...

A series of security advisories published on the Open Source Vulnerabilities (OSV) database between June and July 2026 reveal multiple critical vulnerabilities in LITELLM, an open-source library for interfacing with LLM API providers.

window 30devidence 19confidence score 100

confidence score

Strong evidence: 2 independent source classes support this read.

100
medium confidence2 independent source classesotherpasses publish gate

signal brief

A series of security advisories published on the Open Source Vulnerabilities (OSV) database between June and July 2026 reveal multiple critical vulnerabilities in LITELLM, an open-source library for interfacing with LLM API providers. The vulnerabilities range from authentication bypass and remote code execution (RCE) to SQL injection and server-side request forgery (SSRF). These flaws could allow attackers to compromise systems using LITELLM, leading to data breaches, service disruption, or unauthorized access. The advisories are publicly listed with CVE identifiers, indicating the vulnerabilities are known and potentially exploitable. While LITELLM's latest PyPI release (1.92.0, dated July 12, 2026) may include fixes, the severity and wide scope of the security issues raise concerns about the library's security posture. This could erode trust among developers and enterprises relying on LITELLM for production AI workflows.

What the sources said:

  • Source 2: "CVE-2026-49468: LiteLLM: Authentication Bypass via Host Header Injection"
  • Source 4: "CVE-2024-6825: LiteLLM Vulnerable to Remote Code Execution (RCE)"
  • Source 7: "CVE-2024-4890: SQL injection in litellm"
  • Source 10: "CVE-2024-6587: LiteLLM Server-Side Request Forgery (SSRF) vulnerability"

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.