Description
A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
Published: 2026-06-21
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the authenticate_user function of litellm's PROXY_ADMIN database API Key Generator causes a manipulated session to expire prematurely. The vulnerability is a type of improper session expiration (CWE‑613) and is also a concern of inadequate authorization for protected resources (CWE‑826). It is exploitable remotely through manipulation of input parameters. An attacker can force users to lose active sessions, disrupting service availability and potentially forcing repeated authentication attempts.

Affected Systems

The issue affects BerriAI's litellm component up to version 1.82.2. Users running any 1.82.2 or earlier build of litellm should verify whether they are exposed to the vulnerable authenticate_user implementation and plan an upgrade accordingly.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, but the fact that the exploit has been published and can be triggered remotely increases the risk. The EPSS score is <1% and the vulnerability is not listed in CISA KEV. Nonetheless the public availability of the exploit suggests that a motivated attacker could mount the attack without significant additional effort. The overall likelihood of exploitation is non‑zero and the impact would be a denial of service by terminating active user sessions.

Generated by OpenCVE AI on June 29, 2026 at 13:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest litellm update that eliminates the faulty authenticate_user logic
  • Restrict access to the API Key Generator endpoint to trusted IP ranges or require multi‑factor authentication
  • Implement server‑side input validation to ensure session parameters cannot be arbitrarily altered and verify session expiration logic matches expected behavior

Generated by OpenCVE AI on June 29, 2026 at 13:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-826
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Berriai
Berriai litellm
Vendors & Products Berriai
Berriai litellm

Sun, 21 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
Title BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration
First Time appeared Litellm
Litellm litellm
Weaknesses CWE-613
CPEs cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
Vendors & Products Litellm
Litellm litellm
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-22T17:20:24.396Z

Reserved: 2026-06-20T09:26:23.462Z

Link: CVE-2026-12772

cve-icon Vulnrichment

Updated: 2026-06-22T17:20:20.714Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-21T02:00:08Z

Links: CVE-2026-12772 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T14:00:05Z

Weaknesses
  • CWE-613

    Insufficient Session Expiration

  • CWE-826

    Premature Release of Resource During Expected Lifetime