Description
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0.
Severity (CVSS)
| Base score | 9.5 |
|---|---|
| Severity | Critical |
| Version | CVSS 4.0 |
| Vector | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
| Provided by | CNA |
Weaknesses
- CWE-290: Authentication Bypass by Spoofing
Affected products
| Vendor | Product | Versions |
|---|---|---|
| BerriAI | litellm | < 1.84.0 |
References
- https://github.com/BerriAI/litellm/security/advisories/GHSA-4xpc-pv4p-pm3w (x_refsource_CONFIRM)
- https://github.com/BerriAI/litellm/releases/tag/v1.84.0 (x_refsource_MISC)
Generated from the official CVE List on 23 Jun 2026 10:05 UTC.