CVE-2026-12771
Received Received - Intake
Improper Authorization in BerriAI litellm M2M JWT Handler

Publication date: 2026-06-21

Last updated on: 2026-06-21

Assigner: VulDB

Description
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-21
Last Modified
2026-06-21
Generated
2026-06-21
AI Q&A
2026-06-21
EPSS Evaluated
N/A
NVD
CVE-2026-12771
EUVD
EUVD-2026-38137
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
berriai litellm to 1.82.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-12771 is an authentication bypass and privilege escalation vulnerability in LiteLLM's JWT Machine-to-Machine (M2M) authentication mechanism.

When the `enable_jwt_auth` setting is enabled, a valid M2M JWT token with the `litellm_proxy_admin` scope can bypass UI Single Sign-On (SSO) route separation and gain full administrative access to the proxy server.

This happens because the JWT M2M authentication path lacks route restrictions that are present in the OAuth2 M2M authentication path, allowing the JWT token with admin scope to grant a PROXY_ADMIN role for any route, including sensitive management endpoints.

To exploit this vulnerability, an attacker needs a valid M2M JWT token with the admin scope, which can be generated if they have access to the private key used for JWT signing.

Impact Analysis

This vulnerability allows an attacker with a valid M2M JWT token having admin scope to gain full administrative access to the LiteLLM proxy server.

  • Perform unauthorized actions such as creating users and teams.
  • Generate API keys without authorization.
  • Modify routing rules.
  • Delete keys.

These actions should only be accessible through SSO-authenticated admin sessions, so this vulnerability can lead to significant unauthorized control and potential compromise of the system.

Detection Guidance

This vulnerability can be detected by checking if your LiteLLM Enterprise deployment is using JWT M2M authentication with the `enable_jwt_auth` setting enabled and if the version is up to 1.82.2. Specifically, you should verify whether M2M JWT tokens with the `litellm_proxy_admin` scope can access administrative routes without proper route restrictions.

To detect potential exploitation or presence of this vulnerability, you can monitor network traffic or server logs for requests to administrative endpoints such as `/user/new`, `/team/new`, and `/key/generate` that are authenticated using M2M JWT tokens with admin scopes.

Suggested commands include:

  • Inspect running LiteLLM version: `litellm --version` or check the deployed package version.
  • Search server logs for suspicious JWT tokens accessing admin routes, e.g., `grep '/user/new' /var/log/litellm/access.log | grep 'Authorization: Bearer'`.
  • Use network monitoring tools (e.g., tcpdump or Wireshark) to capture and analyze JWT tokens used in requests to admin endpoints.
  • If you have access to the system, review the configuration file to check if `enable_jwt_auth` is enabled.
Mitigation Strategies

Immediate mitigation steps include:

  • Upgrade LiteLLM to a version later than 1.82.2 where the vulnerability has been fixed by applying route restrictions to the JWT M2M authentication path.
  • If upgrading is not immediately possible, disable the `enable_jwt_auth` setting to prevent JWT M2M authentication from being used.
  • Restrict access to the private key used for JWT signing to prevent attackers from generating valid admin-scoped tokens.
  • Monitor and audit access logs for unauthorized use of admin routes and revoke any suspicious API keys or tokens.
Compliance Impact

The vulnerability in LiteLLM's JWT M2M authentication mechanism allows attackers with a valid M2M JWT token and admin scope to bypass UI Single Sign-On (SSO) restrictions and gain full administrative access to the proxy server. This unauthorized access enables attackers to create users and teams, generate API keys, modify routing rules, and delete keys, which are actions that should be restricted to authenticated admin sessions.

Such unauthorized administrative access and privilege escalation can lead to improper authorization and potential data breaches or misuse of sensitive information. This situation can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls, proper authorization, and protection of personal and sensitive data.

Therefore, exploitation of this vulnerability could result in violations of these regulations due to unauthorized data access or modification, undermining the confidentiality, integrity, and availability of protected data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12771. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart