CVEFinder.io

CVE-2026-35030

⛔ critical
🔍 Scan for this CVE
Summary

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. An unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cach

Description

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. An unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token. On cache hit, the attacker inherits the legitimate user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled. Fixed in v1.83.0.

CVSS Score
9.1
Critical
EPSS Score
0.1
Exploit Probability
Published Date
2026-04-06
First Seen: 2026-04-07
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 87.7% of all 328,009 vulnerabilities in our database.

#40,306
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Apr 7, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-04-07
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-287

📦 Affected Products 1

Vendor Product Status Affected Versions
litellm litellm Affected
< 1.83.0

🔗 References 1

https://github.com/BerriAI/litellm/security/advisori...
Vendor Advisory Mitigation

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-47101 ⚠️ high 8.8 0.5 LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role ... 2026-05-21
CVE-2026-47102 ⚠️ high 8.8 0.4 LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint c... 2026-05-21
CVE-2026-42208 ⛔ critical 9.8 37.4 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before ver... 2026-05-08
CVE-2026-42271 ⚠️ high 8.8 53.7 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before vers... 2026-05-08
CVE-2026-40217 ⚠️ high 8.8 0.2 LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/t... 2026-04-10
CVE-2026-35029 ⚠️ high 8.8 0.2 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/updat... 2026-04-06
These CVEs affect the same products