← back
CVE-2026-12799

BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

CVSS 5.3 MEDIUMEPSS 0.3%CWE-266CWE-285
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
BerriAI · litellm
public PoCs found1
cve_referencegist.github.com/YLChen-007/3ace22e33e468d0166fe609c9fdf4184unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gist.github.com/YLChen-007/3ace22e33e468d0166fe609c9fdf4184https://vuldb.com/cve/CVE-2026-12799https://vuldb.com/submit/811291https://vuldb.com/vuln/372561https://vuldb.com/vuln/372561/cti