CVEFinder.io

CVE-2026-35029

⚠️ high
🔍 Scan for this CVE
Summary

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment variables, register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution, read arbitrary server files by setting UI_LOGO_PATH and fetchin

Description

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to modify proxy configuration and environment variables, register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution, read arbitrary server files by setting UI_LOGO_PATH and fetching via /get_image, and take over other privileged accounts by overwriting UI_USERNAME and UI_PASSWORD environment variables. Fixed in v1.83.0.

CVSS Score
8.8
High
EPSS Score
0.2
Exploit Probability
Published Date
2026-04-06
First Seen: 2026-04-07
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 81.1% of all 328,009 vulnerabilities in our database.

#62,016
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Apr 6, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-04-07
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-863

📦 Affected Products 1

Vendor Product Status Affected Versions
litellm litellm Affected
< 1.83.0

🔗 References 1

https://github.com/BerriAI/litellm/security/advisori...
Vendor Advisory Mitigation

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-47101 ⚠️ high 8.8 0.5 LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role ... 2026-05-21
CVE-2026-47102 ⚠️ high 8.8 0.4 LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint c... 2026-05-21
CVE-2026-42208 ⛔ critical 9.8 37.4 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before ver... 2026-05-08
CVE-2026-42271 ⚠️ high 8.8 53.7 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before vers... 2026-05-08
CVE-2026-40217 ⚠️ high 8.8 0.2 LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/t... 2026-04-10
CVE-2026-35030 ⛔ critical 9.1 0.1 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authenti... 2026-04-06
These CVEs affect the same products