Description
A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
Published: 2026-06-21
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the authenticate_user function of litellm's PROXY_ADMIN database API Key Generator causes a manipulated session to expire prematurely. The vulnerability is classified as Insufficient Session Expiration (CWE-613) and is exploitable remotely through manipulation of input parameters. An attacker can force users to lose active sessions, disrupting service availability and potentially forcing repeated authentication attempts.

Affected Systems

The issue affects BerriAI's litellm component up to version 1.82.2. Users running any 1.82.2 or earlier build of litellm should verify whether they are exposed to the vulnerable authenticate_user implementation and plan an upgrade accordingly.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, but the fact that the exploit has been published and can be triggered remotely increases the risk. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. Nonetheless, the public availability of the exploit suggests that a motivated attacker could mount the attack without significant additional effort. The overall likelihood of exploitation is non-zero, and the impact would be a denial of service by terminating active user sessions.

Generated by OpenCVE AI on June 21, 2026 at 09:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest litellm update that eliminates the faulty authenticate_user logic
  • Restrict access to the API Key Generator endpoint to trusted IP ranges or require multi-factor authentication
  • Implement server-side input validation to ensure session parameters cannot be arbitrarily altered and verify session expiration logic matches expected behavior

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 07:45:00 +0000

Type Values Removed Values Added

Description: A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
Title: BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user session expiration
First Time appeared: Litellm; Litellm litellm
Weaknesses: CWE-613
CPEs: cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*
Vendors & Products: Litellm; Litellm litellm
References: (none)
Metrics:
  cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-21T02:00:08.882Z

Reserved: 2026-06-20T09:26:23.462Z

Link: CVE-2026-12772

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-21T09:30:09Z

Weaknesses
  • CWE-613: Insufficient Session Expiration