LITELLM, a library designed to simplify interfacing with LLM API providers, has been flagged with multiple...
LITELLM, a library designed to simplify interfacing with LLM API providers, has been flagged with multiple high-severity security vulnerabilities.
confidence score
Strong evidence: 2 independent source classes support this read.
signal brief
LITELLM, a library designed to simplify interfacing with LLM API providers, has been flagged with multiple high-severity security vulnerabilities. Published advisories reveal authentication bypass via host header injection (CVE-2026-49468), server-side template injection in the /completions endpoint (CVE-2024-2952), remote code execution via unsafe eval usage (CVE-2024-5751), authentication bypass via OIDC userinfo cache key collision (CVE-2026-35030), and SQL injection in proxy API key verification (CVE-2026-42208). These vulnerabilities could allow attackers to bypass authentication, execute arbitrary code, or access sensitive data. The timing of these disclosures alongside a new release candidate (1.92.0rc1) on PyPI suggests ongoing development but raises concerns about the security posture of the library. Users and organizations relying on LITELLM should review their deployments, apply patches if available, and consider alternative solutions until these issues are resolved. The accumulation of vulnerabilities sets back developer trust and may slow adoption in the LLM tooling ecosystem.
What the sources said
- OSV advisory GHSA-4xpc-pv4p-pm3w: "LiteLLM: Authentication Bypass via Host Header Injection" (Source)
- OSV advisory PYSEC-2026-387: "LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint" (Source)
- OSV advisory PYSEC-2026-389: "litellm vulnerable to remote code execution based on using eval unsafely" (Source)
- OSV advisory PYSEC-2026-391: "LiteLLM has SQL Injection in Proxy API key verification" (Source)
source data used
“Library to easily interface with LLM API providers”
“Aliases: CVE-2026-49468, PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-2952, GHSA-46cm-pfwv-cgf8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint”
“Aliases: CVE-2026-49468, GHSA-4xpc-pv4p-pm3w LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-5751, GHSA-gppg-gqw8-wh9g litellm vulnerable to remote code execution based on using eval unsafely”
“Aliases: CVE-2026-35030, GHSA-jjhc-v7c2-5hh6 LiteLLM: Authentication bypass via OIDC userinfo cache key collision”
“Aliases: CVE-2026-42208, GHSA-r75f-5x8p-qvmc LiteLLM has SQL Injection in Proxy API key verification”
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.