Description
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.
Published: 2026-05-21
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

LiteLLM versions before 1.83.14 allow a user with an internal_user role to generate API keys that include routes exceeding the user's permissions. The allowed_routes field is stored without verifying that the requested routes fall within the authenticated user's own authority. A key created with access to admin‑only routes can then be used to reach those routes successfully, bypassing the role‑based access controls that would otherwise block the request, thereby enabling full privilege escalation from internal_user to proxy_admin. This is a CWE‑863 vulnerability.

Affected Systems

The vulnerability affects the BerriAI LiteLLM product in all releases prior to 1.83.14. Any installation that still uses these versions and permits authenticated internal_user accounts to request API keys is susceptible.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity risk. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated internal_user account; the attacker can create a rogue API key through the normal key‑generation endpoint and then use that key to access administrative routes that the user would not normally be able to reach.

Generated by OpenCVE AI on May 21, 2026 at 22:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LiteLLM to version 1.83.14 or later, which validates allowed_routes against the requester's permissions during key creation.
  • If an upgrade is not immediately possible, disable or restrict the API key generation capability for internal_user role or reconfigure the application to enforce role‑based route checks on key creation.
  • Audit current user roles and remove any unnecessary admin privileges from internal_user accounts, ensuring that only users with appropriate authority can request keys with broad access.
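The check behind the first two recommended actions, as an added Python illustration that is not LiteLLM's code and not part of this record: the routes requested in allowed_routes at key-creation time are compared against what the creating user's own role may reach, and anything outside that set is refused. The role names follow the record, but the route table, route patterns, dataclass and function names are constructed assumptions for the example. The block also contrasts an authorization path that trusts the key's allowed_routes alone (the pattern the description attributes to the flaw) with one that re-checks the creator's role at request time as defence in depth.

```python
"""Illustration of CWE-863 in API-key creation: requested allowed_routes must
be a subset of the routes the creating role can reach.  The route table,
patterns and names are constructed for this example and are not LiteLLM's."""
from __future__ import annotations

from dataclasses import dataclass, field
import fnmatch
import secrets

# Constructed role -> permitted route patterns (hypothetical, not LiteLLM's).
ROLE_ROUTES: dict[str, list[str]] = {
    "proxy_admin": ["/*"],
    "internal_user": ["/chat/completions", "/key/generate", "/key/info", "/models"],
}


@dataclass
class ApiKey:
    token: str
    created_by_role: str
    allowed_routes: list[str] = field(default_factory=list)


def _matches(route: str, patterns: list[str]) -> bool:
    # fnmatch '*' also matches '/', so "/*" covers every route.
    return any(fnmatch.fnmatchcase(route, pat) for pat in patterns)


def route_permitted(role: str, route: str) -> bool:
    """True if the role's own permitted patterns cover the route."""
    return _matches(route, ROLE_ROUTES.get(role, []))


def out_of_scope_routes(role: str, requested: list[str]) -> list[str]:
    """Routes the requester asked for that its own role could not reach."""
    return [r for r in requested if not route_permitted(role, r)]


def generate_key_vulnerable(role: str, allowed_routes: list[str]) -> ApiKey:
    # Stores allowed_routes verbatim; nothing ties them to the creator's role.
    return ApiKey(secrets.token_hex(16), role, list(allowed_routes))


def generate_key_fixed(role: str, allowed_routes: list[str]) -> ApiKey:
    # Refuses any route the creating user could not reach directly.
    denied = out_of_scope_routes(role, allowed_routes)
    if denied:
        raise PermissionError(f"routes exceed {role} permissions: {denied}")
    return ApiKey(secrets.token_hex(16), role, list(allowed_routes))


def key_creation_rejected(role: str, allowed_routes: list[str]) -> bool:
    """Convenience wrapper: did the fixed generator refuse this request?"""
    try:
        generate_key_fixed(role, allowed_routes)
    except PermissionError:
        return True
    return False


def authorize_by_key_only(key: ApiKey, route: str) -> bool:
    """Consults only the key's stored allowed_routes (the weak pattern)."""
    return _matches(route, key.allowed_routes)


def authorize_with_role_check(key: ApiKey, route: str) -> bool:
    """Defence in depth: the key's allowed_routes must match AND the route
    must still lie within the creating role's permissions."""
    return _matches(route, key.allowed_routes) and route_permitted(key.created_by_role, route)


if __name__ == "__main__":
    # Constructed request: an internal_user asks for an admin-only route.
    requested = ["/chat/completions", "/key/delete"]
    print("out of scope:", out_of_scope_routes("internal_user", requested))
    print("fixed generator rejects:", key_creation_rejected("internal_user", requested))
    weak = generate_key_vulnerable("internal_user", requested)
    print("key-only authz grants admin route:", authorize_by_key_only(weak, "/key/delete"))
    print("role-checked authz grants admin route:", authorize_with_role_check(weak, "/key/delete"))
```

The creation-time check is the fix the record attributes to 1.83.14; the request-time role check is an extra layer so that a key whose allowed_routes was stored before the fix still cannot reach routes its creator could not. Both checks depend on the permission table being the single source of truth for what each role may call.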

Tracking

Advisories

No advisories yet.

History

Thu, 21 May 2026 23:00:00 +0000

Type: First Time appeared
Values Added: Berriai, Berriai litellm

Type: Vendors & Products
Values Added: Berriai, Berriai litellm

Thu, 21 May 2026 21:00:00 +0000

Type: Description
Values Added: LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.

Type: Title
Values Added: LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

Type: Weaknesses
Values Added: CWE-863

Type: References
Values Added:

Type: Metrics
Values Added:
cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-21T20:33:30.163Z

Reserved: 2026-05-18T19:22:26.748Z

Link: CVE-2026-47101

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-21T21:16:32.413

Modified: 2026-05-21T21:16:32.413

Link: CVE-2026-47101

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T23:00:14Z

Weaknesses