GHSA-53mr-6c8q-9789
Suggest an improvement- Source
- https://github.com/advisories/GHSA-53mr-6c8q-9789
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-53mr-6c8q-9789/GHSA-53mr-6c8q-9789.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-53mr-6c8q-9789
- Aliases
-
- CVE-2026-35029
- Published
- 2026-04-03T21:59:31Z
- Modified
- 2026-04-03T22:16:28.076069Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
- Details
-
Impact
The
/config/update endpointdoes not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following:- Modify proxy configuration and environment variables
- Register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution
- Read arbitrary server files by setting UILOGOPATH and fetching via /get_image
- Take over other priveleged accounts by overwriting UIUSERNAME and UIPASSWORD environment variables
Patches
Fixed in v1.83.0. The endpoint now requires
proxy_adminrole.Workarounds
Restrict API key distribution. There is no configuration-level workaround.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2026-04-03T21:59:31Z", "severity": "HIGH", "nvd_published_at": null, "cwe_ids": [ "CWE-863" ] }- References
Affected packages
PyPI / litellm
Package
- Name
- litellm
- View open source insights on deps.dev
- Purl
- pkg:pypi/litellm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.83.0
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.31
0.1.32
0.1.34
0.1.201
0.1.202
0.1.203
0.1.204
0.1.205
0.1.206
0.1.207
0.1.208
0.1.209
0.1.210
0.1.211
0.1.212
0.1.213
0.1.214
0.1.215
0.1.216
0.1.217
0.1.218
0.1.219
0.1.220
0.1.221
0.1.222
0.1.223
0.1.224
0.1.225
0.1.226
0.1.227
0.1.228
0.1.229
0.1.230
0.1.231
0.1.232
0.1.233
0.1.234
0.1.235
0.1.236
0.1.237
0.1.238
0.1.330
0.1.331
0.1.341
0.1.343
0.1.345
0.1.347
0.1.348
0.1.349
0.1.351
0.1.352
0.1.353
0.1.354
0.1.356
0.1.360
0.1.361
0.1.362
0.1.363
0.1.364
0.1.365
0.1.366
0.1.367
0.1.368
0.1.369
0.1.370
0.1.371
0.1.372
0.1.373
0.1.375
0.1.376
0.1.379
0.1.380
0.1.381
0.1.383
0.1.384
0.1.385
0.1.386
0.1.387
0.1.388
0.1.389
0.1.392
0.1.393
0.1.394
0.1.398
0.1.399
0.1.400
0.1.401
0.1.402
0.1.403
0.1.404
0.1.405
0.1.408
0.1.410
0.1.411
0.1.412
0.1.415
0.1.419
0.1.420
0.1.421
0.1.422
0.1.424
0.1.425
0.1.426
0.1.429
0.1.432
0.1.433
0.1.434
0.1.435
0.1.436
0.1.437
0.1.438
0.1.439
0.1.440
0.1.441
0.1.442
0.1.443
0.1.444
0.1.445
0.1.446
0.1.447
0.1.448
0.1.449
0.1.450
0.1.451
0.1.452
0.1.456
0.1.457
0.1.459
0.1.460
0.1.461
0.1.464
0.1.465
0.1.475
0.1.477
0.1.479
0.1.480
0.1.481
0.1.482
0.1.486
0.1.487
0.1.488
0.1.490
0.1.491
0.1.492
0.1.493
0.1.494
0.1.495
0.1.497
0.1.500
0.1.501
0.1.504
0.1.507
0.1.508
0.1.509
0.1.510
0.1.511
0.1.512
0.1.516
0.1.517
0.1.518
0.1.520
0.1.525
0.1.530
0.1.531
0.1.533
0.1.535
0.1.536
0.1.537
0.1.538
0.1.544
0.1.546
0.1.547
0.1.548
0.1.549
0.1.550
0.1.551
0.1.552
0.1.553
0.1.554
0.1.555
0.1.556
0.1.557
0.1.558
0.1.559
0.1.560
0.1.561
0.1.562
0.1.563
0.1.567
0.1.568
0.1.569
0.1.570
0.1.574
0.1.578
0.1.580
0.1.582
0.1.583
0.1.585
0.1.586
0.1.587
0.1.590
0.1.591
0.1.593
0.1.594
0.1.595
0.1.596
0.1.597
0.1.598
0.1.600
0.1.601
0.1.604
0.1.605
0.1.607
0.1.609
0.1.610
0.1.615
0.1.618
0.1.619
0.1.620
0.1.621
0.1.623
0.1.624
0.1.625
0.1.626
0.1.629
0.1.630
0.1.631
0.1.632
0.1.634
0.1.635
0.1.636
0.1.638
0.1.639
0.1.641
0.1.642
0.1.643
0.1.644
0.1.645
0.1.646
0.1.647
0.1.648
0.1.649
0.1.650
0.1.651
0.1.652
0.1.674
0.1.680
0.1.681
0.1.683
0.1.685
0.1.686
0.1.687
0.1.689
0.1.690
0.1.692
0.1.693
0.1.696
0.1.697
0.1.698
0.1.700.dev0
0.1.700.dev1
0.1.700.dev2
0.1.700.dev3
0.1.700.dev4
0.1.700.dev5
0.1.700
0.1.702
0.1.704
0.1.706
0.1.714.dev1
0.1.714
0.1.715
0.1.716
0.1.719
0.1.720
0.1.721
0.1.723
0.1.724
0.1.729
0.1.736
0.1.738
0.1.743
0.1.745
0.1.746
0.1.747
0.1.748
0.1.749
0.1.750
0.1.751
0.1.758
0.1.765
0.1.769
0.1.772
0.1.774
0.1.780
0.1.781
0.1.784
0.1.786
0.1.788
0.1.789
0.1.793
0.1.794
0.1.805
0.1.806
0.1.807
0.1.813
0.1.814
0.1.815
0.1.816
0.1.817
0.1.818
0.1.819
0.1.820
0.1.821
0.1.824
0.1.2291
0.1.7701
0.1.7713
0.2.5
0.2.6
0.3.0
0.3.1
0.4.0
0.4.4
0.5.2
0.5.3
0.5.4
0.5.6
0.6.0
0.6.1
0.6.2
0.6.6
0.7.1.dev1
0.7.1.dev2
0.7.1.dev3
0.7.1
0.7.3
0.7.4
0.7.5
0.7.9
0.7.10
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.9.0
0.9.1
0.9.2.dev1
0.9.2
0.10.0
0.10.1
0.11.1
0.12.4.dev1
0.12.4.dev2
0.12.4
0.12.5.dev1
0.12.5
0.12.7.dev1
0.12.7
0.12.8
0.12.9
0.12.10
0.12.11
0.12.12
0.13.0
0.13.1.dev1
0.13.1.dev2
0.13.1.dev3
0.13.1
0.13.2.dev1
0.13.2
0.13.3.dev1
0.13.3.dev2
0.13.6.dev1
0.13.6.dev2
0.13.6.dev3
0.13.7.dev1
0.14.0.dev1
0.14.0
0.14.1
1.*
1.0.0.dev1
1.0.0
1.0.3.dev1
1.0.3
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.3.1
1.3.3.dev1
1.3.3.dev2
1.3.3.dev3
1.3.3
1.4.0
1.6.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.7.11
1.7.12
1.7.13
1.7.14
1.7.16
1.7.17
1.7.18
1.7.19
1.7.21
1.8.1
1.9.dev0
1.9.0
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.10.dev11
1.10.0
1.10.1
1.10.2
1.10.3
1.10.4
1.10.6
1.10.8
1.10.9
1.10.10
1.10.11
1.11.0
1.11.1
1.12.0
1.12.1
1.12.2
1.12.3
1.12.5.dev1
1.12.5
1.12.6.dev1
1.12.6.dev2
1.12.6.dev3
1.12.6.dev4
1.12.6.dev5
1.12.6
1.12.7
1.12.8
1.12.9
1.13.1
1.13.2
1.14.0.dev1
1.14.0
1.14.1
1.14.2
1.14.3
1.14.4
1.14.5.dev1
1.14.5
1.14.6
1.14.7
1.14.8
1.14.9
1.14.10
1.15.0
1.15.1
1.15.2
1.15.3
1.15.6
1.15.7
1.15.8
1.15.10
1.16.0
1.16.1
1.16.2
1.16.3
1.16.4
1.16.5
1.16.6
1.16.7
1.16.8
1.16.9
1.16.10
1.16.11
1.16.12
1.16.14
1.16.15
1.16.16
1.16.17
1.16.18
1.16.19
1.16.20
1.16.21.dev1
1.16.21.dev2
1.16.21.dev3
1.16.21
1.17.0
1.17.1
1.17.2
1.17.3
1.17.4
1.17.5
1.17.6
1.17.7
1.17.8
1.17.9
1.17.10
1.17.11.dev1
1.17.11.dev2
1.17.12
1.17.13
1.17.14
1.17.15
1.17.16
1.17.17
1.17.18
1.18.0
1.18.1
1.18.2
1.18.3
1.18.4
1.18.5
1.18.6
1.18.7
1.18.8
1.18.9
1.18.10
1.18.11
1.18.12
1.18.13.dev1
1.18.13.dev4
1.18.13.dev5
1.18.13.dev7
1.18.13
1.18.14.dev6
1.18.14.dev7
1.18.14.dev8
1.19.0
1.19.1
1.19.2
1.19.3
1.19.4
1.19.5
1.19.6
1.20.0
1.20.1
1.20.2
1.20.3
1.20.5
1.20.6
1.20.7
1.20.8
1.20.9
1.21.0
1.21.1
1.21.4.dev1
1.21.4
1.21.5
1.21.6
1.21.7
1.22.2
1.22.3
1.22.5
1.22.8
1.22.9
1.22.10.dev1
1.22.10
1.22.11
1.23.0
1.23.1
1.23.2
1.23.3
1.23.4
1.23.5
1.23.7
1.23.8
1.23.9
1.23.10
1.23.12
1.23.14
1.23.15
1.23.16
1.24.1.dev1
1.24.1
1.24.3
1.24.5.dev1
1.24.5
1.24.6
1.25.0.dev2
1.25.0
1.25.1
1.25.2
1.26.0
1.26.1
1.26.2
1.26.3
1.26.4
1.26.5
1.26.6
1.26.7
1.26.8
1.26.9
1.26.10
1.26.11
1.26.13
1.26.14.dev1
1.27.1.dev9
1.27.1.dev11
1.27.1.dev30
1.27.1.dev31
1.27.1.dev40
1.27.1.dev50
1.27.1.dev60
1.27.1
1.27.2.dev1
1.27.2.dev2
1.27.2.dev3
1.27.2.dev4
1.27.3
1.27.4
1.27.6
1.27.7
1.27.8
1.27.9
1.27.10
1.27.13.dev1
1.27.14
1.27.15
1.28.0
1.28.1.dev1
1.28.1
1.28.2
1.28.3
1.28.4.dev1
1.28.4
1.28.6
1.28.7
1.28.8
1.28.9
1.28.10
1.28.11
1.28.13
1.29.1
1.29.2.dev1
1.29.3
1.29.4.dev1
1.29.4
1.29.5
1.29.6.dev1
1.29.7.dev3
1.29.7
1.30.0
1.30.1.dev5
1.30.1.dev6
1.30.1
1.30.2
1.30.3
1.30.4
1.30.5
1.30.6
1.30.7
1.31.2.dev1
1.31.2.dev10
1.31.2
1.31.3
1.31.4
1.31.5
1.31.6
1.31.7
1.31.8
1.31.9
1.31.10
1.31.12
1.31.13.dev1
1.31.13.dev2
1.31.13.dev3
1.31.13.dev10
1.31.13
1.31.14.dev2
1.31.14.dev3
1.31.14.dev4
1.31.14.dev5
1.31.14.dev6
1.31.14.dev8
1.31.14.dev9
1.31.14
1.31.15.dev2
1.31.15
1.31.16
1.31.17
1.32.1
1.32.3
1.32.4
1.32.5.dev1
1.32.7
1.32.9
1.33.0
1.33.1.dev1
1.33.1
1.33.2
1.33.3
1.33.4
1.33.5.dev1
1.33.7
1.33.8
1.33.9
1.34.0
1.34.1.dev1
1.34.1
1.34.3
1.34.4
1.34.5
1.34.6
1.34.8
1.34.10
1.34.11
1.34.12
1.34.13
1.34.14
1.34.16
1.34.17.dev1
1.34.17
1.34.18
1.34.19
1.34.20
1.34.21
1.34.22.dev1
1.34.22
1.34.24.dev1
1.34.25
1.34.26
1.34.27
1.34.28
1.34.29
1.34.32
1.34.33
1.34.34
1.34.35
1.34.36
1.34.37
1.34.38
1.34.39
1.34.40
1.34.41
1.34.42
1.35.0.dev1
1.35.0
1.35.1
1.35.2
1.35.3
1.35.4
1.35.5
1.35.6
1.35.7
1.35.8
1.35.10
1.35.11
1.35.12
1.35.13
1.35.14
1.35.15
1.35.16
1.35.17
1.35.18
1.35.19
1.35.20
1.35.21
1.35.22
1.35.23
1.35.24
1.35.25
1.35.26
1.35.27.dev1
1.35.28
1.35.29
1.35.30
1.35.31
1.35.32
1.35.33
1.35.34
1.35.35
1.35.36
1.35.37
1.35.38
1.36.0
1.36.1
1.36.2
1.36.3
1.36.4
1.37.0
1.37.2
1.37.3
1.37.5
1.37.6
1.37.7
1.37.9
1.37.10
1.37.11
1.37.12
1.37.13
1.37.14
1.37.16
1.37.17
1.37.19
1.37.20
1.38.0
1.38.1
1.38.2
1.38.3
1.38.4
1.38.5
1.38.7
1.38.8
1.38.10
1.38.11
1.38.12
1.39.2
1.39.3
1.39.4
1.39.5.dev1
1.39.5
1.39.6
1.40.0.dev1
1.40.0
1.40.1.dev1
1.40.1
1.40.2
1.40.3
1.40.4
1.40.5
1.40.6
1.40.7
1.40.8
1.40.9
1.40.10
1.40.11
1.40.12
1.40.13
1.40.14
1.40.15
1.40.16
1.40.17
1.40.19
1.40.20
1.40.21
1.40.22
1.40.24
1.40.25
1.40.26
1.40.27
1.40.28
1.40.29
1.40.31
1.41.0
1.41.1
1.41.2
1.41.3
1.41.4
1.41.5
1.41.6
1.41.7
1.41.8
1.41.11
1.41.12
1.41.13
1.41.14
1.41.15.dev2
1.41.15
1.41.17
1.41.18
1.41.19
1.41.20
1.41.21
1.41.22
1.41.23
1.41.24
1.41.25
1.41.26
1.41.27
1.41.28
1.42.0
1.42.1
1.42.2
1.42.3
1.42.4
1.42.5
1.42.6
1.42.7
1.42.8
1.42.9
1.42.10
1.42.11
1.42.12
1.43.0
1.43.1
1.43.2
1.43.3
1.43.4
1.43.5
1.43.6
1.43.7
1.43.9
1.43.10
1.43.12
1.43.13
1.43.15
1.43.16
1.43.17
1.43.18
1.43.19
1.44.1
1.44.2
1.44.3
1.44.4
1.44.5
1.44.6
1.44.7
1.44.8
1.44.9
1.44.10
1.44.11
1.44.12
1.44.13
1.44.14
1.44.15
1.44.16
1.44.17
1.44.18
1.44.19
1.44.21
1.44.22
1.44.23
1.44.24
1.44.25
1.44.26
1.44.27
1.44.28
1.45.0
1.46.0
1.46.1
1.46.2
1.46.4
1.46.5
1.46.6
1.46.7
1.46.8
1.47.0
1.47.1
1.47.2
1.48.0
1.48.1
1.48.2
1.48.3
1.48.4
1.48.5
1.48.6
1.48.7
1.48.8
1.48.9
1.48.10
1.48.11
1.48.12
1.48.14
1.48.15
1.48.16
1.48.17
1.48.18
1.48.19
1.49.0
1.49.1
1.49.2
1.49.3
1.49.4
1.49.5
1.49.6
1.49.7
1.50.0
1.50.1
1.50.2
1.50.4
1.51.0
1.51.1
1.51.2
1.51.3
1.52.0
1.52.1
1.52.2
1.52.3
1.52.4
1.52.5
1.52.6
1.52.8
1.52.9
1.52.10
1.52.11
1.52.12
1.52.14
1.52.15
1.52.16
1.53.1.dev1
1.53.1
1.53.2
1.53.3
1.53.4
1.53.5
1.53.6
1.53.7
1.53.8
1.53.9
1.54.0
1.54.1
1.55.0
1.55.1
1.55.2
1.55.3
1.55.4
1.55.6
1.55.7
1.55.8
1.55.9
1.55.10
1.55.11
1.55.12
1.56.2
1.56.3
1.56.4
1.56.5
1.56.6
1.56.8.dev4
1.56.8.dev5
1.56.8.dev6
1.56.8.dev7
1.56.8
1.56.9
1.56.10
1.57.0
1.57.1
1.57.2
1.57.3
1.57.4
1.57.5
1.57.7.dev1
1.57.7
1.57.8
1.57.10
1.57.11
1.58.0
1.58.1
1.58.2
1.58.4
1.59.0
1.59.1.dev1
1.59.1
1.59.2
1.59.3
1.59.5
1.59.6
1.59.7
1.59.8
1.59.9
1.59.10.dev1
1.59.10
1.59.12
1.60.0
1.60.2
1.60.4
1.60.5
1.60.6
1.60.7
1.60.8
1.60.9
1.61.0.dev1
1.61.0
1.61.1
1.61.2
1.61.3
1.61.4
1.61.5
1.61.6
1.61.7
1.61.8
1.61.9
1.61.11
1.61.13
1.61.15
1.61.16
1.61.17
1.61.19
1.61.20
1.62.1
1.62.4
1.63.0.dev12
1.63.0
1.63.2
1.63.3
1.63.4.dev1
1.63.5
1.63.6
1.63.7
1.63.8
1.63.11.dev1
1.63.11
1.63.12
1.63.14
1.64.1
1.65.0
1.65.0.post1
1.65.1
1.65.3
1.65.4
1.65.4.post1
1.65.5
1.65.6
1.65.7
1.65.8
1.66.0
1.66.1
1.66.2
1.66.3
1.67.0
1.67.0.post1
1.67.1
1.67.2
1.67.4.dev1
1.67.4
1.67.4.post1
1.67.5
1.67.6
1.68.0
1.68.1.dev1
1.68.1
1.68.2
1.69.0
1.69.1
1.69.2
1.69.3
1.70.0
1.70.2
1.70.4
1.71.0
1.71.1
1.71.2
1.71.3
1.72.0
1.72.1
1.72.2
1.72.2.post1
1.72.3
1.72.4
1.72.5.dev1
1.72.5.dev2
1.72.5.dev3
1.72.6
1.72.6.post1
1.72.6.post2
1.72.7.dev1
1.72.7.dev7
1.72.7
1.72.9
1.73.0rc1
1.73.0
1.73.0.post1
1.73.1
1.73.2
1.73.6rc2
1.73.6
1.73.6.post1
1.73.7.dev1
1.73.7.dev2
1.73.7.dev3
1.73.7.dev4
1.73.7
1.74.0
1.74.0.post1
1.74.0.post2
1.74.1
1.74.2
1.74.3rc1
1.74.3rc2
1.74.3rc3
1.74.3
1.74.3.post1
1.74.4.dev1
1.74.4
1.74.6
1.74.7rc1
1.74.7
1.74.7.post1
1.74.7.post2
1.74.8.dev2
1.74.8
1.74.9.dev1
1.74.9.dev2
1.74.9
1.74.9.post1
1.74.9.post2
1.74.12
1.74.14
1.74.15
1.74.15.post1
1.74.15.post2
1.75.0
1.75.2
1.75.3
1.75.4
1.75.5.post1
1.75.5.post2
1.75.6
1.75.7
1.75.8
1.75.9
1.76.0
1.76.1
1.76.2
1.76.3
1.77.0
1.77.1
1.77.2.post1
1.77.3
1.77.4.dev1
1.77.4
1.77.5
1.77.7
1.78.0rc2
1.78.0
1.78.2
1.78.3
1.78.4
1.78.5
1.78.6
1.78.7
1.79.0.dev1
1.79.0.dev2
1.79.0.dev3
1.79.0
1.79.1
1.79.2
1.79.3.dev8
1.79.3
1.80.0
1.80.5
1.80.6
1.80.7
1.80.8
1.80.9
1.80.10
1.80.11
1.80.12
1.80.13
1.80.15
1.80.16
1.80.17
1.81.0
1.81.1
1.81.3
1.81.4
1.81.5
1.81.6
1.81.7
1.81.8
1.81.9.dev1
1.81.9
1.81.10
1.81.11
1.81.12
1.81.13
1.81.14
1.81.15
1.81.16
1.82.0
1.82.1
1.82.2
1.82.3
1.82.4
1.82.5
1.82.6