Description
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0.
Published: 2026-06-22
Score: 9.5 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

LiteLLM, a proxy server (AI Gateway) for Large Language Model APIs, contains a flaw that allows an attacker to bypass the proxy's authentication by supplying a crafted Host header. An attacker who can reach the proxy can therefore send unauthenticated requests through it, potentially accessing or abusing the connected LLM services (and the provider credentials the proxy holds for them). The weakness is classified as CWE‑290, Authentication Bypass by Spoofing: an authentication decision is made on the basis of a client‑controlled value, the HTTP Host header, that any client can set freely.

Affected Systems

The vulnerability affects the BerriAI litellm product (vendor and product as listed in the CVE record). Any deployment of the LiteLLM proxy prior to version 1.84.0 is susceptible; version 1.84.0 and later contain the fix.

Risk and Exploitability

The CVSS v4.0 score is 9.5 (Critical), with vector AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H: network‑reachable, no privileges or user interaction required, and high impact on confidentiality, integrity and availability of both the proxy itself and the systems behind it. The AT:P component indicates that some deployment condition must hold for the attack to succeed; the advisory text does not spell out what it is. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog, which means no confirmed in‑the‑wild exploitation has been recorded, not that exploitation is impractical. The attack is an ordinary HTTP request carrying an attacker‑chosen Host header, so any LiteLLM proxy reachable from untrusted networks (or from a compromised internal host) should be treated as exposed until it is upgraded or the Host header is validated in front of it.

Generated by OpenCVE AI on June 22, 2026 at 22:50 UTC.

Remediation

The vendor fix is LiteLLM 1.84.0 (see the CVE description and GHSA-4xpc-pv4p-pm3w); no workaround is documented in the advisory.

OpenCVE Recommended Actions

  • Upgrade LiteLLM to version 1.84.0 or later to apply the vendor‑supplied fix.
  • Validate the Host header against an explicit allow‑list of the names the proxy is actually served under, both at the reverse proxy or load balancer in front of LiteLLM and in the application itself. Normalize the value (strip the port, lowercase) and require an exact match; reject anything else. Never derive an authentication or trust decision from Host or X‑Forwarded‑Host, since the client controls both unless an intermediary overwrites them.
  • Limit network access to the LiteLLM proxy to trusted internal networks or enforce strict firewall rules, so that only authenticated users or systems can send requests through the proxy. This reduces exposure but does not replace the upgrade.
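The impact section above describes the CWE‑290 pattern (trusting a spoofable Host header) and the second recommended action describes its remedy (an exact‑match allow‑list after normalization). The following is an added example written for this page; it is not LiteLLM's code and it is not the code path behind CVE-2026-49468, which the advisory does not describe. `naive_is_local()` is a hypothetical instance of the vulnerable pattern, `host_allowed()` is the hardened check, and the sample Host values and the allow‑list entries (including `llm-gateway.internal`) are constructed for the demonstration.

```python
"""Host header allow-list check (added example, not LiteLLM's code).

naive_is_local() is a hypothetical instance of the CWE-290 pattern: a trust
decision made on a client-supplied header that the client can spoof.
host_allowed() is the hardened form: normalize, then exact-match an allow-list.
"""
from typing import Iterable, Optional
from urllib.parse import urlsplit


def naive_is_local(host_header: str) -> bool:
    """Hypothetical vulnerable check (do not use): treats the request as coming
    from a trusted origin when Host *starts with* a loopback name. Any client
    controls Host, and a prefix match also accepts 'localhost.attacker.example'
    and 'localhost/admin'."""
    return host_header.startswith(("localhost", "127.0.0.1"))


def normalize_host(host_header: Optional[str]) -> Optional[str]:
    """Return the lowercased hostname from a Host header value, or None if the
    value is absent, malformed, or carries anything besides host[:port]."""
    if not host_header or len(host_header) > 253:
        return None
    try:
        # A leading '//' makes urlsplit parse the value as an authority component.
        parts = urlsplit("//" + host_header.strip())
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:  # also raised for unbalanced IPv6 brackets
        return None
    # Reject userinfo, path, query and fragment: 'user@host', 'host/x', 'host?x'.
    if parts.username is not None or parts.path or parts.query or parts.fragment:
        return None
    hostname = parts.hostname  # lowercased; IPv6 brackets already stripped
    return hostname or None


def host_allowed(host_header: Optional[str], allowlist: Iterable[str]) -> bool:
    """Exact-match the normalized Host against an explicit allow-list."""
    hostname = normalize_host(host_header)
    if hostname is None:
        return False
    return hostname in {h.lower() for h in allowlist}


# Constructed sample Host values (not captured traffic): what an attacker might
# send against a proxy that trusts Host, alongside legitimate ones.
SAMPLE_HOSTS = [
    "localhost:4000",               # legitimate
    "localhost.attacker.example",   # prefix-match spoof
    "127.0.0.1.attacker.example",   # same trick with an IP-looking label
    "user@localhost",               # userinfo smuggling
    "localhost/admin",              # path smuggling
    "[::1]:4000",                   # IPv6 literal with port
]
# Hypothetical allow-list for the demonstration.
ALLOWLIST = frozenset({"localhost", "127.0.0.1", "::1", "llm-gateway.internal"})


def compare(hosts: Iterable[str] = SAMPLE_HOSTS,
            allowlist: Iterable[str] = ALLOWLIST) -> dict:
    """Return {host: (naive_result, allowlist_result)} for each sample."""
    return {h: (naive_is_local(h), host_allowed(h, allowlist)) for h in hosts}


if __name__ == "__main__":
    for host, (naive, strict) in compare().items():
        print(f"{host:32} naive={naive!s:5} allowlist={strict}")
```

In a LiteLLM deployment this check belongs at the ASGI layer as well as at the edge: Starlette, on which FastAPI and therefore the LiteLLM proxy are built, ships `starlette.middleware.trustedhost.TrustedHostMiddleware(app, allowed_hosts=[...])` for exactly this purpose, and the reverse proxy in front should route only its configured server names and overwrite, rather than pass through, `X-Forwarded-Host`. Because the advisory does not state which Host values trigger the bypass, treat the allow‑list as defense in depth and still apply the 1.84.0 upgrade.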

Generated by OpenCVE AI on June 22, 2026 at 22:50 UTC.


Advisories
Source: GitHub GHSA
ID: GHSA-4xpc-pv4p-pm3w
Title: LiteLLM: Authentication Bypass via Host Header Injection
History

Tue, 23 Jun 2026 00:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Berriai; Berriai litellm

Type: Vendors & Products
Values Removed: (none)
Values Added: Berriai; Berriai litellm

Mon, 22 Jun 2026 21:00:00 +0000

(No values removed in this change.)

Type: Description
Values Added: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0.

Type: Title
Values Added: LiteLLM: Authentication Bypass via Host Header Injection

Type: Weaknesses
Values Added: CWE-290

Type: References
Values Added:

Type: Metrics
Values Added: cvssV4_0 {'score': 9.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-22T20:37:14.494Z

Reserved: 2026-05-30T04:17:43.094Z

Link: CVE-2026-49468

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-23T00:15:03Z

Weaknesses
  • CWE-290: Authentication Bypass by Spoofing