Description
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure.
Published: 2026-06-21
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Admin Key Handler component of BerriAI litellm, specifically within an undisclosed function in litellm/proxy/management_endpoints/key_management_endpoints.py. Requests to the key management endpoints are not properly authorized, so a caller can access, create, or delete administrative keys without the required authorization. This flaw can lead to unauthorized use of language-model API keys, potentially enabling malicious usage or secret exfiltration.

Affected Systems

All installations of BerriAI litellm up to and including version 1.63.1 are affected. The product is identified as litellm from BerriAI and the associated CPE confirms the same. No later versions are known to contain the fix.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. No EPSS score is available, but the absence of observed exploitation so far does not preclude the risk. The vulnerability can be triggered remotely by any user able to reach the key management endpoints, and a publicly disclosed exploit is already available. The vendor has issued a patch through pull request 23781; until it is applied, the flaw remains exploitable.

Generated by OpenCVE AI on June 21, 2026 at 09:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch referenced in PR 23781 to update litellm to a version newer than 1.63.1.
  • Limit network exposure of the key management endpoints to trusted administrative hosts, for example with firewall rules that block all external traffic to those endpoints.
  • Disable or remove the exposed Admin Key Handler endpoints until a patched version is deployed, if the functionality is non-essential.
  • Enable logging for all attempts to access the key management endpoints and monitor for anomalous activity.

Generated by OpenCVE AI on June 21, 2026 at 09:23 UTC.
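As an added example (not part of the OpenCVE record or the litellm project), a small monitor for the logging recommendation above: it scans proxy access-log lines for successful calls to key-management routes made from outside an admin allowlist or by a non-admin caller. The /key/... paths, the JSON log fields (path, status, src_ip, role), the proxy_admin role name and the 10.0.0.0/24 admin network are assumptions.

```python
import ipaddress
import json
from typing import Dict, Iterable, List

# Assumed: mutating key-management routes under the proxy's /key prefix.
KEY_MGMT_PREFIXES = ("/key/generate", "/key/update", "/key/delete", "/key/regenerate")
# Assumed admin network (constructed value for this example).
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/24")]


def is_key_mgmt(path: str) -> bool:
    """True if the request path targets a key-management route."""
    return any(path.startswith(prefix) for prefix in KEY_MGMT_PREFIXES)


def find_suspicious(lines: Iterable[str]) -> List[Dict]:
    hits = []
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of crashing the monitor
        if not is_key_mgmt(ev.get("path", "")):
            continue
        if not 200 <= int(ev.get("status", 0)) < 300:
            continue  # rejected requests are expected noise for this check
        reasons = []
        try:
            src = ipaddress.ip_address(ev.get("src_ip", ""))
            if not any(src in net for net in ADMIN_NETS):
                reasons.append("source outside admin allowlist")
        except ValueError:
            reasons.append("unparseable source address")
        if ev.get("role") != "proxy_admin":  # assumed admin role name
            reasons.append("non-admin caller succeeded")
        if reasons:
            hits.append({"path": ev["path"], "src_ip": ev.get("src_ip"), "reasons": reasons})
    return hits


# Constructed sample access-log lines (not real litellm output).
SAMPLE_LOG = [
    '{"path": "/key/generate", "status": 200, "src_ip": "10.0.0.5", "role": "proxy_admin"}',
    '{"path": "/key/delete", "status": 200, "src_ip": "203.0.113.9", "role": "internal_user"}',
    '{"path": "/key/update", "status": 403, "src_ip": "203.0.113.9", "role": "internal_user"}',
    '{"path": "/chat/completions", "status": 200, "src_ip": "203.0.113.9", "role": "internal_user"}',
    "not json",
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Only 2xx responses are flagged, because a successful mutation by a low-privilege caller is exactly the symptom of the improper-authorization weakness; denied requests remain visible in the raw log for volume-based alerting.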


Advisories

No advisories yet.

History

Sun, 21 Jun 2026 07:45:00 +0000

Type                 Values Removed   Values Added
Description          (none)           (the description shown at the top of this record)
Title                (none)           BerriAI litellm Admin Key key_management_endpoints.py improper authorization
First Time appeared  (none)           Litellm; Litellm litellm
Weaknesses           (none)           CWE-266, CWE-285
CPEs                 (none)           cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
Vendors & Products   (none)           Litellm; Litellm litellm
References           (none)           (none)
Metrics              (none)           cvssV2_0: {'score': 5.5, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C'}
                                      cvssV3_0: {'score': 5.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C'}
                                      cvssV3_1: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C'}
                                      cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-21T04:30:35.530Z

Reserved: 2026-06-20T09:26:17.378Z

Link: CVE-2026-12770

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-21T09:30:09Z

Weaknesses
  • CWE-266: Incorrect Privilege Assignment
  • CWE-285: Improper Authorization