CVE-2026-47102
LiteLLM < 1.83.10 Privilege Escalation via User Update
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin, gaining full administrative access to LiteLLM including all users, teams, keys, models, and prompt history. Users with the org_admin role have legitimate access to this endpoint and can exploit this vulnerability without chaining any additional flaw.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
BerriAI · litellmpublic PoCs found — 4
githubgithub.com/learner202649/CVE-2026-47102-PoC★ 0cve_referencegist.github.com/13ph03nix/9ec616e1fdc77b3673509c60206e827funverifiedcve_referencehuntr.com/bounties/8e75edfb-ff05-4e63-bfca-2d93d03fb3b9unverifiedcve_referencewww.obsidiansecurity.com/blog/litellm-privilege-escalation-rceunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://gist.github.com/13ph03nix/9ec616e1fdc77b3673509c60206e827fhttps://github.com/BerriAI/litellm/commit/128d32d2494b759c5d15da3452452af4c6a34c01https://github.com/BerriAI/litellm/commit/e6f18ce75b111c9b93dc15c72894cbdeb53177cehttps://github.com/BerriAI/litellm/pull/25541https://github.com/BerriAI/litellm/releases/tag/v1.83.10-stablehttps://huntr.com/bounties/8e75edfb-ff05-4e63-bfca-2d93d03fb3b9https://www.obsidiansecurity.com/blog/litellm-privilege-escalation-rcehttps://www.vulncheck.com/advisories/litellm-privilege-escalation-via-user-update