← signals
2026-07-06·LITELLM·security risk
meddown

LITELLM, a library designed to simplify interfacing with LLM API providers, has been flagged with multiple...

LITELLM, a library designed to simplify interfacing with LLM API providers, has been flagged with multiple high-severity security vulnerabilities.

window 30devidence 7confidence score 100

confidence score

Strong evidence: 2 independent source classes support this read.

100
medium confidence2 independent source classesotherpasses publish gate

signal brief

LITELLM, a library designed to simplify interfacing with LLM API providers, has been flagged with multiple high-severity security vulnerabilities. Published advisories reveal authentication bypass via host header injection (CVE-2026-49468), server-side template injection in the /completions endpoint (CVE-2024-2952), remote code execution via unsafe eval usage (CVE-2024-5751), authentication bypass via OIDC userinfo cache key collision (CVE-2026-35030), and SQL injection in proxy API key verification (CVE-2026-42208). These vulnerabilities could allow attackers to bypass authentication, execute arbitrary code, or access sensitive data. The timing of these disclosures alongside a new release candidate (1.92.0rc1) on PyPI suggests ongoing development but raises concerns about the security posture of the library. Users and organizations relying on LITELLM should review their deployments, apply patches if available, and consider alternative solutions until these issues are resolved. The accumulation of vulnerabilities sets back developer trust and may slow adoption in the LLM tooling ecosystem.

What the sources said

  • OSV advisory GHSA-4xpc-pv4p-pm3w: "LiteLLM: Authentication Bypass via Host Header Injection" (Source)
  • OSV advisory PYSEC-2026-387: "LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint" (Source)
  • OSV advisory PYSEC-2026-389: "litellm vulnerable to remote code execution based on using eval unsafely" (Source)
  • OSV advisory PYSEC-2026-391: "LiteLLM has SQL Injection in Proxy API key verification" (Source)

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.