Description
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure.
Published: 2026-06-21
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Admin Key Handler component of BerriAI litellm, specifically within an undisclosed function in litellm/proxy/management_endpoints/key_management_endpoints.py. It allows improper authorization of requests to key management endpoints, meaning an attacker can access, create, or delete administrative keys without proper authentication. This flaw can lead to unauthorized use of language‑model API keys, potentially enabling malicious usage or secret exfiltration.

Affected Systems

All installations of BerriAI litellm up to and including version 1.63.1 are affected. The product is identified as litellm from BerriAI and the associated CPE confirms the same. No later versions are known to contain the fix.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, and the EPSS score is not available, but the lack of public exploitation yet does not preclude the risk. The vulnerability can be triggered remotely by any user able to reach the key management endpoints, and a publicly disclosed exploit is already available. The vendor has issued a patch through pull request 23781; however, until applied the flaw remains exploitable.

Generated by OpenCVE AI on June 21, 2026 at 09:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch referenced in PR 23781 to update litellm to a version newer than 1.63.1.
  • Limit network exposure of the key management endpoints to only trusted administrative hosts or by implementing firewall rules that block all external traffic to those endpoints.
  • Disable or remove the exposed Admin Key Handler endpoints until a patched version is deployed, if the functionality is non‑essential.
  • Enable logging for all attempts to access the key management endpoints and monitor for anomalous activity.

Generated by OpenCVE AI on June 21, 2026 at 09:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 22 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Berriai
Berriai litellm
Vendors & Products Berriai
Berriai litellm

Sun, 21 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure.
Title BerriAI litellm Admin Key key_management_endpoints.py improper authorization
First Time appeared Litellm
Litellm litellm
Weaknesses CWE-266
CWE-285
CPEs cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
Vendors & Products Litellm
Litellm litellm
References
Metrics cvssV2_0

{'score': 5.5, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 5.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-22T18:12:38.503Z

Reserved: 2026-06-20T09:26:17.378Z

Link: CVE-2026-12770

cve-icon Vulnrichment

Updated: 2026-06-22T17:55:31.163Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-21T00:15:08Z

Links: CVE-2026-12770 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T20:45:04Z

Weaknesses
  • CWE-266

    Incorrect Privilege Assignment

  • CWE-285

    Improper Authorization