LiteLLM, an open-source LLM API proxy, has been hit by multiple security advisories from OSV (Open Source Vulnerabilities) in late June 2026.
Confidence score: strong evidence (2 independent source classes support this read).
signal brief
The advisories detail several high-severity vulnerabilities:
- CVE-2026-49468 (GHSA-4xpc-pv4p-pm3w): Authentication bypass via Host Header Injection in proxy requests.
- CVE-2024-2952 (GHSA-46cm-pfwv-cgf8): Server-Side Template Injection in the /completions endpoint.
- CVE-2024-5751 (GHSA-gppg-gqw8-wh9g): Remote code execution via unsafe use of eval.
- CVE-2026-35030 (GHSA-jjhc-v7c2-5hh6): Authentication bypass via OIDC userinfo cache key collision.
- CVE-2026-42208 (GHSA-r75f-5x8p-qvmc): SQL injection in Proxy API key verification.
A routine PyPI release (v1.89.6) was also published but does not specifically mention fixes for these CVEs. The combination of authentication bypass, RCE, and SQL injection vulnerabilities poses a serious risk to any deployment. Organizations using LiteLLM should urgently assess their exposure and apply patches as soon as they become available.
What the sources said (source data used):
“Library to easily interface with LLM API providers”
“Aliases: CVE-2026-49468, PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-2952, GHSA-46cm-pfwv-cgf8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint”
“Aliases: CVE-2026-49468, GHSA-4xpc-pv4p-pm3w LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-5751, GHSA-gppg-gqw8-wh9g litellm vulnerable to remote code execution based on using eval unsafely”
“Aliases: CVE-2026-35030, GHSA-jjhc-v7c2-5hh6 LiteLLM: Authentication bypass via OIDC userinfo cache key collision”
“Aliases: CVE-2026-42208, GHSA-r75f-5x8p-qvmc LiteLLM has SQL Injection in Proxy API key verification”