← back
CVE-2026-40217

CVE-2026-40217

CVSS 8.8 HIGHEPSS 0.7%CWE-420
LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
BerriAI · LiteLLM
public PoCs found1
githubgithub.com/learner202649/CVE-2026-40217-PoC0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.x41-dsec.de/lab/advisories/x41-2026-001-litellm/