<0.1% probability · 14.3th percentile — 2026-05-08
Affected versions
LiteLLM 1.74.2 to before 1.83.7
Summary
This flaw allows any authenticated user with a valid LiteLLM API key to run arbitrary code on the proxy host. Two MCP server preview endpoints accept arbitrary command configurations from users and spawn them as subprocesses without additional privilege checks. Even low-privilege authenticated users can leverage this to gain full control over the proxy server.
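The missing control the summary describes is an authorization gate between "authenticated" and "may define and spawn a server process". The following is an added illustration, not LiteLLM's code and not the patched handler: a hypothetical preview handler in which server commands come only from operator-written configuration, the request may only name a registered entry, and only an admin-role key may start one. The `Principal`, `Forbidden`, `MCP_SERVER_REGISTRY` and `preview_mcp_server` names, the roles, and the registry entry are all constructed for the example.

```python
import subprocess
import sys
from dataclasses import dataclass


# Constructed caller model: a validated API key resolves to a principal with a role.
@dataclass(frozen=True)
class Principal:
    key_id: str
    role: str  # "admin" or "user" (constructed labels)


class Forbidden(Exception):
    """Raised when an authenticated caller lacks the privilege for the operation."""


# Commands live in server-side configuration written by the operator.
# A request may name one of these entries; it never carries a command line.
MCP_SERVER_REGISTRY = {
    # Constructed entry: prints a fixed string using this interpreter.
    "echo-demo": [sys.executable, "-c", "print('mcp server started')"],
}


def preview_mcp_server(caller, server_name, requested_command=None):
    """Start a registered MCP server for an admin caller and return its stdout.

    Three checks run before anything is spawned: the caller's role, the absence
    of any client-supplied command, and membership in the operator registry.
    """
    # 1. Privilege check: a valid API key alone is not enough to spawn processes.
    if caller.role != "admin":
        raise Forbidden(f"key {caller.key_id} is not an admin key")
    # 2. Command configuration from the request body is refused outright,
    #    even from an admin, so the executed argv is never client-controlled.
    if requested_command is not None:
        raise ValueError("command configuration must come from server config")
    # 3. Resolve the argv from operator-controlled configuration only.
    if server_name not in MCP_SERVER_REGISTRY:
        raise KeyError(f"unknown MCP server {server_name!r}")
    argv = MCP_SERVER_REGISTRY[server_name]
    proc = subprocess.run(argv, capture_output=True, text=True, timeout=10, check=True)
    return proc.stdout.strip()


def try_preview(caller, server_name, requested_command=None):
    """Run preview_mcp_server and describe the outcome as a short string."""
    try:
        return "started: " + preview_mcp_server(caller, server_name, requested_command)
    except Forbidden as exc:
        return f"forbidden: {exc}"
    except (ValueError, KeyError) as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    low_priv = Principal("key-user-1", "user")
    admin = Principal("key-admin-1", "admin")
    print(try_preview(low_priv, "echo-demo"))
    print(try_preview(admin, "echo-demo", requested_command=["sh", "-c", "id"]))
    print(try_preview(admin, "not-registered"))
    print(try_preview(admin, "echo-demo"))
```

The order of the checks matters for the page's point: the role check comes first, so a low-privilege key never reaches the code path that touches the registry or the process table, and the rejection of any client-supplied command means the remaining attack surface is limited to choosing among entries the operator already trusts.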
Remediation
Upgrade LiteLLM to version 1.83.7 or newer as soon as possible. Ensure only trusted users have active API keys for your LiteLLM deployment until patching is complete. Audit proxy logs for suspicious activity from non-admin authenticated users.
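To tell whether a given deployment falls inside the affected range (1.74.2 up to but not including 1.83.7), here is an added helper, not part of the advisory or of LiteLLM: it parses a version string, compares it against the two boundaries stated above, and optionally reads the installed `litellm` distribution's version from the running interpreter. The `parse_version`, `is_affected` and `check_installed` names and the pre-release handling are this example's own assumptions.

```python
import re
from importlib.metadata import PackageNotFoundError, version as dist_version

# Leading numeric part plus any trailing suffix (rc1, a2, .dev3, .post1).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(text):
    """Turn '1.83.7', 'v1.80' or '1.83.7rc1' into a comparable tuple.

    The last element orders a pre-release (0) before the final release of the
    same number (1); a .post suffix is treated like the final release.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = match.groups()
    nums = (int(major), int(minor), int(patch or 0))
    final = 1 if (not suffix or suffix.startswith(".post")) else 0
    return nums + (final,)


# Range boundaries taken from the advisory text above.
AFFECTED_FROM = parse_version("1.74.2")  # first affected release
FIXED_IN = parse_version("1.83.7")       # first fixed release


def is_affected(version_text):
    """True when version_text lies in [1.74.2, 1.83.7)."""
    return AFFECTED_FROM <= parse_version(version_text) < FIXED_IN


def check_installed():
    """Return (version, affected) for the litellm installed here, or None if absent."""
    try:
        installed = dist_version("litellm")
    except PackageNotFoundError:
        return None
    return installed, is_affected(installed)


if __name__ == "__main__":
    for sample in ("1.74.1", "1.74.2", "1.80.0", "1.83.7rc1", "1.83.7", "1.84.0"):
        print(f"{sample:>10}: {'AFFECTED' if is_affected(sample) else 'not affected'}")
    print("installed:", check_installed())
```

Note that a release candidate of the fixed version (1.83.7rc1) still reports as affected, since it precedes 1.83.7; only the final release or later clears the check.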