LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Researchers at Obsidian Security disclosed a critical three-vulnerability chain in LiteLLM that can let a low-privilege user escalate to proxy admin and achieve server-side code execution. A successful compromise can expose provider keys, decrypted credentials, prompts, responses, and even let an attacker rewrite model outputs in transit. #LiteLLM #ObsidianSecurity #CVE-2026-47101 #CVE-2026-47102 #CVE-2026-40217

Keypoints

  • LiteLLM is an AI gateway used to broker access to more than 100 model providers.
  • CVE-2026-47101 lets a default internal user bypass authorization by abusing the allowed_routes field.
  • CVE-2026-47102 allows privilege escalation by writing user_role: "proxy_admin" through the /user/update endpoint.
  • CVE-2026-40217 enables sandbox escape and server-side code execution in the Custom Code Guardrail.
  • BerriAI fixed the chain in LiteLLM v1.83.14-stable, and administrators should upgrade and rotate exposed secrets.
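
Two checks an operator might want after reading the points above, written here as an added example rather than code from LiteLLM, BerriAI or Obsidian Security: a version comparison against the v1.83.14-stable fix release, and a scan of request logs for the CVE-2026-47102 pattern (a call to /user/update that sets user_role to "proxy_admin" from a caller who is not already a proxy admin). The log schema (one JSON object per line with path, caller, caller_role and body fields) and the sample lines are constructed for this example and are not LiteLLM's real log format.

```python
"""Added example, not LiteLLM project code.

is_fixed()               - compare a LiteLLM version string with the fix release
find_role_escalations()  - flag /user/update calls that write user_role
                           "proxy_admin" from a non-admin caller

Assumed (not LiteLLM's real format): request logs are JSON lines with the
keys "path", "caller", "caller_role" and "body".
"""
import json
import re

# Fix release named in the advisory summary: v1.83.14-stable.
FIX_VERSION = (1, 83, 14)


def parse_version(version: str) -> tuple:
    """Extract (major, minor, patch) from strings like 'v1.83.14-stable'."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_fixed(version: str) -> bool:
    """True when the running proxy is at or past the fix release."""
    return parse_version(version) >= FIX_VERSION


def find_role_escalations(lines):
    """Return the log entries matching the CVE-2026-47102 pattern.

    A hit is a /user/update request whose body sets user_role to
    "proxy_admin" while the caller's own role is not proxy_admin.
    Unparsable lines are skipped rather than treated as hits.
    """
    hits = []
    for lineno, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if event.get("path") != "/user/update":
            continue
        body = event.get("body") or {}
        if body.get("user_role") != "proxy_admin":
            continue
        if event.get("caller_role") == "proxy_admin":
            continue  # an admin promoting a user is expected behaviour
        hits.append({
            "line": lineno,
            "caller": event.get("caller"),
            "target": body.get("user_id"),
        })
    return hits


# Constructed sample log; the schema is an assumption for this example.
SAMPLE_LOG = [
    '{"path": "/chat/completions", "caller": "alice", "caller_role": "internal_user", "body": {"model": "gpt-4o"}}',
    '{"path": "/user/update", "caller": "admin", "caller_role": "proxy_admin", "body": {"user_id": "bob", "user_role": "proxy_admin"}}',
    '{"path": "/user/update", "caller": "mallory", "caller_role": "internal_user", "body": {"user_id": "mallory", "user_role": "proxy_admin"}}',
    '{"path": "/user/update", "caller": "carol", "caller_role": "internal_user", "body": {"user_id": "carol", "user_email": "carol@example.com"}}',
    'not a json line',
]

if __name__ == "__main__":
    print(is_fixed("v1.83.14-stable"))        # prints True
    print(is_fixed("1.83.13"))                # prints False
    print(find_role_escalations(SAMPLE_LOG))  # one hit: mallory, line 3
```

The scan deliberately ignores the admin's own promotion of bob on line 2 and the non-role update on line 4; only the self-promotion by a non-admin caller on line 3 is reported. Even a zero-hit result does not prove the proxy was never abused, since the page also notes that an attacker who reaches proxy admin can read provider keys and decrypted credentials, so rotating those secrets after upgrading remains the right move.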

Read More: https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html