← back
CVE-2026-12770

BerriAI litellm Admin Key key_management_endpoints.py improper authorization

CVSS 5.3 MEDIUMEPSS 0.3%CWE-266CWE-285
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
BerriAI · litellm
public PoCs found1
cve_referencegist.github.com/YLChen-007/993c68152b2c770d53590f1684c755d4unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gist.github.com/YLChen-007/993c68152b2c770d53590f1684c755d4https://github.com/BerriAI/litellm/https://github.com/BerriAI/litellm/pull/23781https://vuldb.com/cve/CVE-2026-12770https://vuldb.com/submit/811279https://vuldb.com/vuln/372512https://vuldb.com/vuln/372512/cti