← signals
2026-07-07·LITELLM·security risk
highdown

Multiple critical security vulnerabilities have been publicly disclosed for the open-source LLM proxy tool LiteLLM.

Multiple critical security vulnerabilities have been publicly disclosed for the open-source LLM proxy tool LiteLLM.

window 30devidence 7confidence score 100

confidence score

Strong evidence: 2 independent source classes support this read.

100
high confidence2 independent source classesotherpasses publish gate

signal brief

Multiple critical security vulnerabilities have been publicly disclosed for the open-source LLM proxy tool LiteLLM. The advisories (CVE-2026-49468, CVE-2024-2952, CVE-2024-5751, CVE-2026-35030, CVE-2026-42208) include authentication bypass via host header injection, server-side template injection, remote code execution through unsafe eval, OIDC cache key collision bypass, and SQL injection in API key verification. These vulnerabilities could allow attackers to gain unauthorized access or execute arbitrary code. A release candidate (1.92.0rc1) was published on July 4, 2026, likely addressing some of these issues, but the disclosure of multiple severe flaws undermines user trust and may slow adoption.

What the sources said:

source data used

Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.