CVE-2026-47101
Status: Modified - Updated After Analysis

Privilege Escalation in LiteLLM via API Key Misconfiguration

Vulnerability report for CVE-2026-47101, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-21

Last updated on: 2026-07-01

Assigner: VulnCheck

Description

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.


Meta Information

Published: 2026-05-21
Last modified: 2026-07-01
Generated: 2026-07-02
AI Q&A: 2026-05-22
EPSS evaluated: 2026-06-30

Affected Vendors & Products

1 associated CPE:

Vendor    Product    Version / Range
litellm   litellm    all versions prior to 1.83.14 (1.83.14 excluded)

CWE

CWE ID    Description
CWE-863   The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
CWE-639   The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Compliance Impact

The vulnerability in LiteLLM prior to version 1.83.14 allows an authenticated internal user to escalate privileges to full administrative control by creating API keys with unauthorized access. This privilege escalation can lead to unauthorized access to sensitive data and administrative functions.

Such unauthorized access and privilege escalation can result in violations of common compliance standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data. Failure to enforce role-based access controls and prevent privilege escalation undermines data confidentiality, integrity, and accountability requirements mandated by these regulations.

Therefore, this vulnerability poses a significant risk to compliance by enabling attackers to bypass security controls and potentially access or manipulate protected data and system functions.

Executive Summary

This vulnerability exists in LiteLLM versions prior to 1.83.14 and allows an authenticated internal user to create API keys that grant access to routes beyond their assigned permissions.

When generating an API key, the system does not verify whether the specified allowed routes fall within the user's own role permissions.

As a result, a user can create a key with access to admin-only routes and use it to bypass role-based access controls, effectively escalating their privileges from an internal user to a proxy administrator.

Impact Analysis

This vulnerability can lead to full privilege escalation, allowing an internal user to gain unauthorized administrative access.

An attacker exploiting this flaw could perform actions reserved for administrators, potentially compromising the confidentiality, integrity, and availability of the system.

This could result in unauthorized data access, modification, or deletion, as well as disruption of services.

Detection Guidance

This vulnerability involves unauthorized creation of API keys with elevated route permissions by authenticated internal users. Detection involves monitoring API key generation requests, especially calls to the /key/generate endpoint, to identify keys created with allowed_routes that exceed the user's role permissions.

You should audit logs for API key creation events where the allowed_routes field includes admin-only routes or routes not permitted for the user's role. Additionally, monitor usage of API keys that access admin-only routes such as /user/update.

Suggested commands or approaches include:

  • Query your system or proxy logs for API key creation events and inspect the allowed_routes parameter for unauthorized routes.
  • Use network monitoring tools to detect requests to admin-only endpoints made by API keys that should not have such access.
  • If your system supports it, run queries or scripts to list all API keys and their allowed_routes, checking for any keys with permissions beyond the creator's role.
  • Example (pseudo-command): grep or filter logs for '/key/generate' requests and inspect the allowed_routes fields.

Mitigation Strategies

The primary mitigation is to upgrade LiteLLM to version 1.83.14 or later, where this vulnerability has been fixed by enforcing strict validation of the allowed_routes field during API key generation.

The fix restricts setting allowed_routes to proxy administrators only, preventing internal users from creating keys with unauthorized route access.

Additional immediate steps include:

  • Review and revoke any API keys created before the patch that have elevated permissions.
  • Audit user roles and permissions to ensure no unauthorized privilege escalations have occurred.
  • Implement monitoring and alerting on key generation and usage of admin-only routes.
  • Apply any configuration or access control changes recommended in the patch notes to harden authorization checks.
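The following Python is an added example, not LiteLLM's own code, that puts the detection guidance and the described fix side by side: it scans constructed JSON proxy log lines for /key/generate calls whose allowed_routes exceed the caller's role, and it shows the hardened rule the mitigation section describes (only proxy_admin may set allowed_routes). The role-to-route mapping, the log record format and the user identifiers are assumptions made for the example.

```python
import json

# Assumed role-to-route policy for this example; LiteLLM's real route table is not reproduced here.
# /key/generate and /user/update are the two routes the report names.
ROLE_ROUTES = {
    "proxy_admin": {"/key/generate", "/user/update", "/chat/completions"},
    "internal_user": {"/key/generate", "/chat/completions"},
}


def routes_exceeding_role(role, allowed_routes):
    """Return the requested allowed_routes that the creator's own role does not permit."""
    return sorted(set(allowed_routes) - ROLE_ROUTES.get(role, set()))


def key_request_allowed(role, allowed_routes):
    """Hardened check matching the described fix: a non-admin may not set allowed_routes at all.

    The vulnerable behaviour stored allowed_routes with no check of the creator's role."""
    if allowed_routes and role != "proxy_admin":
        return False
    return True


def flag_suspicious_key_generations(log_lines):
    """Scan JSON log lines and report /key/generate calls whose allowed_routes exceed the caller's role."""
    findings = []
    for line in log_lines:
        event = json.loads(line)
        if event.get("route") != "/key/generate":
            continue
        excess = routes_exceeding_role(event["user_role"], event.get("allowed_routes", []))
        if excess:
            findings.append({"user_id": event["user_id"], "excess_routes": excess})
    return findings


# Constructed sample log lines for the example; not real LiteLLM proxy output.
SAMPLE_LOGS = [
    '{"route": "/key/generate", "user_id": "u-123", "user_role": "internal_user", "allowed_routes": ["/chat/completions"]}',
    '{"route": "/key/generate", "user_id": "u-456", "user_role": "internal_user", "allowed_routes": ["/user/update"]}',
    '{"route": "/key/generate", "user_id": "admin-1", "user_role": "proxy_admin", "allowed_routes": ["/user/update"]}',
    '{"route": "/chat/completions", "user_id": "u-456", "user_role": "internal_user"}',
]

if __name__ == "__main__":
    for finding in flag_suspicious_key_generations(SAMPLE_LOGS):
        print(finding)  # only u-456's key, which names the admin-only /user/update route, is flagged
```

Only the second record is flagged: the proxy_admin key is within role, and the first internal_user key asks for nothing beyond its own permissions.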
