CVE-2026-35029
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not
CVSS
8.8
Alto
EPSS
26.4%
p98
KEV
—
Exploit Today
29
0-100
Publicado: 6 abr 2026 · Última mod.: 15 jul 2026 · CWE-863 · CWE-425
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment variables, register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution, read arbitrary server files by setting UI_LOGO_PATH and fetching via /get_image, and take over other privileged accounts by overwriting UI_USERNAME and UI_PASSWORD environment variables. Fixed in v1.83.0.
- github.comhttps://github.com/BerriAI/litellm/security/advisories/GHSA-53mr-6c8q-9789
- seclists.orghttp://seclists.org/fulldisclosure/2026/Apr/17
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:13545
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:28960
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:30056
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-35029
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2455474
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35029.json