Critical Privilege Escalation Vulnerabilities in LiteLLM Disclosed
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Two critical vulnerabilities (CVE-2026-47101 and CVE-2026-47102) have been identified in LiteLLM versions prior to 1.83.14. CVE-2026-47101 allows authenticated internal users to create API keys with unauthorized access, enabling privilege escalation to proxy_admin. CVE-2026-47102 permits users to modify their own user_role, potentially granting full administrative access. Both vulnerabilities were published on 2026-05-21 and affect users with org_admin and internal_user roles. Exploitation can lead to unauthorized access to sensitive data and administrative functions. Users are urged to update to the latest version to mitigate these risks.
Key Points: • CVE-2026-47101 allows privilege escalation for internal users creating unauthorized API keys. • CVE-2026-47102 enables users to change their roles to proxy_admin, gaining full access. • Both vulnerabilities were disclosed on 2026-05-21 and affect LiteLLM versions prior to 1.83.14.