Multiple critical security vulnerabilities have been publicly disclosed for the open-source LLM proxy tool LiteLLM.
Multiple critical security vulnerabilities have been publicly disclosed for the open-source LLM proxy tool LiteLLM.
confidence score
Strong evidence: 2 independent source classes support this read.
signal brief
Multiple critical security vulnerabilities have been publicly disclosed for the open-source LLM proxy tool LiteLLM. The advisories (CVE-2026-49468, CVE-2024-2952, CVE-2024-5751, CVE-2026-35030, CVE-2026-42208) include authentication bypass via host header injection, server-side template injection, remote code execution through unsafe eval, OIDC cache key collision bypass, and SQL injection in API key verification. These vulnerabilities could allow attackers to gain unauthorized access or execute arbitrary code. A release candidate (1.92.0rc1) was published on July 4, 2026, likely addressing some of these issues, but the disclosure of multiple severe flaws undermines user trust and may slow adoption.
What the sources said:
- OSV advisory GHSA-4xpc-pv4p-pm3w: "LiteLLM: Authentication Bypass via Host Header Injection"
- OSV advisory PYSEC-2026-387: "LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint"
- OSV advisory PYSEC-2026-389: "litellm vulnerable to remote code execution based on using eval unsafely"
- OSV advisory PYSEC-2026-391: "LiteLLM has SQL Injection in Proxy API key verification"
- PyPI release 1.92.0rc1 indicates ongoing development but no explicit mention of fixes.
source data used
“Library to easily interface with LLM API providers”
“Aliases: CVE-2026-49468, PYSEC-2026-388 LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-2952, GHSA-46cm-pfwv-cgf8 LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint”
“Aliases: CVE-2026-49468, GHSA-4xpc-pv4p-pm3w LiteLLM: Authentication Bypass via Host Header Injection”
“Aliases: CVE-2024-5751, GHSA-gppg-gqw8-wh9g litellm vulnerable to remote code execution based on using eval unsafely”
“Aliases: CVE-2026-35030, GHSA-jjhc-v7c2-5hh6 LiteLLM: Authentication bypass via OIDC userinfo cache key collision”
“Aliases: CVE-2026-42208, GHSA-r75f-5x8p-qvmc LiteLLM has SQL Injection in Proxy API key verification”
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.