CVE-2026-12795
Status: Received - Intake
Authentication Bypass in BerriAI litellm via SSO Debug Flow

Publication date: 2026-06-21

Last updated on: 2026-06-21

Assigner: VulDB

Description
A vulnerability was found in BerriAI litellm up to 1.82.2. Affected is the use of json.dumps in the file litellm/proxy/management_endpoints/ui_sso.py, part of the SSO Debug Flow component. Manipulation of the request leads to missing authentication. The attack can be launched remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure.
Meta Information
Generated: 2026-06-21
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: berriai
Product: litellm
Version / Range: up to 1.82.2 (exclusive)
CWE
CWE-287: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-306: The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Executive Summary

CVE-2026-12795 is a vulnerability in LiteLLM versions up to 1.82.2 affecting the SSO Debug Flow component. The /sso/debug/login and /sso/debug/callback endpoints lack authentication, so a remote, unauthenticated attacker can obtain OAuth user-profile data such as email addresses and group memberships.

These endpoints also return raw OAuth tokens (access_token, id_token) for Google and Microsoft SSO setups, because the debug flow bypasses a recent security patch. The same handler carries a reflected cross-site scripting (XSS) vector: user-controlled profile data is written into a <script> block with json.dumps(), which escapes quotes but not '<', '>' or '&', so a value containing </script> terminates the block and the attacker's markup is rendered and executed in the victim's browser.
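
Added example, not code from the LiteLLM project or from the advisory: the bare json.dumps() pattern the summary describes, beside an escaping helper that makes the same data safe inside a <script> block, and a check that tells the two renderings apart. The profile dict, the page template and the payload are constructed for the example; the endpoint's real template is not shown on this page.

```python
import json

# Constructed sample (not from the page): an IdP-supplied profile whose display
# name carries a script-block breakout payload.
SAMPLE_PROFILE = {
    "email": "alice@example.com",
    "groups": ["admins"],
    "name": '</script><img src=x onerror="alert(document.cookie)">',
}


def render_vulnerable(profile: dict) -> str:
    """The pattern the advisory describes: profile data dropped into a <script>
    block with plain json.dumps(). json.dumps() escapes quotes and control
    characters but leaves '<', '>' and '&' alone, so a value that contains
    '</script>' ends the block early and the remainder is parsed as HTML."""
    return (
        "<html><body><h1>SSO debug</h1>\n<script>\n"
        f"var profile = {json.dumps(profile)};\n"
        "</script>\n</body></html>"
    )


def json_for_script(value) -> str:
    """Serialise for inclusion inside <script>: json.dumps(), then replace
    '<', '>' and '&' with JSON \\uXXXX escapes. The HTML parser never sees a
    tag, while the JavaScript engine decodes the escapes back to the original
    characters, so the page's own code receives identical data."""
    return (
        json.dumps(value)
        .replace("<", "\\u003c")
        .replace(">", "\\u003e")
        .replace("&", "\\u0026")
    )


def render_fixed(profile: dict) -> str:
    """Same page with the escaping helper in place of bare json.dumps()."""
    return (
        "<html><body><h1>SSO debug</h1>\n<script>\n"
        f"var profile = {json_for_script(profile)};\n"
        "</script>\n</body></html>"
    )


def script_block_breakout(page: str) -> bool:
    """Detector for the breakout: a page that closes one script block contains
    '</script>' exactly once; any further occurrence came from injected data.
    HTML tag matching is case-insensitive, so compare lowercased."""
    return page.lower().count("</script>") > 1


def roundtrip_ok(value) -> bool:
    """The escaped form must still decode to the same object."""
    return json.loads(json_for_script(value)) == value


if __name__ == "__main__":
    print("vulnerable page breaks out:", script_block_breakout(render_vulnerable(SAMPLE_PROFILE)))
    print("fixed page breaks out:     ", script_block_breakout(render_fixed(SAMPLE_PROFILE)))
    print("escaped data round-trips:  ", roundtrip_ok(SAMPLE_PROFILE))
```

The escaping only closes the XSS vector; it does nothing about the missing authentication, which is the root cause, so a real fix needs both.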

The root cause is missing authentication on debug endpoints that were protected only by obscurity, not by access controls.

Impact Analysis

Without presenting any credentials, an attacker can read sensitive user information: email addresses, group memberships and raw OAuth tokens.

Attackers can exploit the reflected XSS vulnerability to execute arbitrary JavaScript in users' browsers, potentially stealing session cookies and hijacking user sessions.

Together, these can lead to compromised user accounts, unauthorized access to the resources the leaked tokens grant, and further exploitation within the affected system.

Detection Guidance

To confirm exposure, check whether the LiteLLM installation is version 1.82.2 or earlier and whether the SSO debug endpoints /sso/debug/login and /sso/debug/callback answer requests that carry no credentials.

Send plain HTTP requests with no Authorization header, from a client that holds no session, and inspect the responses for OAuth user-profile data or raw OAuth tokens.

  • Test the debug login endpoint: curl -i http://<host>/sso/debug/login
  • Test the debug callback endpoint: curl -i http://<host>/sso/debug/callback
  • Check each response for OAuth tokens (access_token, id_token) or profile data such as email addresses or group memberships.
  • Review web server or proxy logs for requests to these paths, especially ones carrying HTML or script fragments in query parameters, and include the endpoints in web application scans for reflected XSS.
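
The checks above as a script, added here as an example and not part of the original page or of LiteLLM: fetch() sends credential-free requests to the two paths named in the advisory without following redirects, and classify_sso_debug_response() turns each status and body into a verdict. The sample bodies at the bottom are constructed so the classifier can be exercised offline; real responses will differ in wording.

```python
import json
import re
import sys
import urllib.error
import urllib.request

# Endpoints named in the advisory, probed without any Authorization header.
DEBUG_PATHS = ("/sso/debug/login", "/sso/debug/callback")

# Body markers for the data the advisory says leaks. A JSON key or a key= form
# covers a JSON body as well as data embedded in a <script> block.
LEAK_PATTERNS = {
    "access_token": re.compile(r'"access_token"\s*:|access_token=', re.I),
    "id_token": re.compile(r'"id_token"\s*:|id_token=', re.I),
    "email": re.compile(r'"email"\s*:|[\w.+-]+@[\w-]+\.[\w.-]+', re.I),
    "groups": re.compile(r'"groups"\s*:', re.I),
}


def classify_sso_debug_response(status: int, body: str) -> dict:
    """One (status, body) pair from an unauthenticated request -> verdict.
    401/403: the endpoint demands credentials. 404: absent (patched, disabled
    or removed). 3xx: the unauthenticated request was accepted and a flow
    started. 200: inspected for the leak markers."""
    indicators = [name for name, rx in LEAK_PATTERNS.items() if rx.search(body)]
    if status in (401, 403):
        verdict = "auth_required"
    elif status == 404:
        verdict = "absent"
    elif 300 <= status < 400:
        verdict = "reachable_redirect"
    elif status == 200:
        verdict = "exposed" if indicators else "reachable"
    else:
        verdict = f"unexpected_{status}"
    return {"status": status, "verdict": verdict, "indicators": indicators}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx as an HTTPError instead of following it: the redirect
    target (the IdP) is not what is being tested."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url: str, timeout: float = 10.0) -> tuple:
    """GET with no credentials; returns (status, body) for any HTTP status."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "sso-debug-check"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def probe(base_url: str) -> dict:
    """Check every debug path on one host; keyed by path."""
    base = base_url.rstrip("/")
    return {p: classify_sso_debug_response(*fetch(base + p)) for p in DEBUG_PATHS}


# Constructed responses (not captured from a real system) for offline use:
# a leaking 200 body and a denied 401 body.
SAMPLE_LEAKY_BODY = (
    '<html><script>var result = {"email": "alice@example.com", '
    '"groups": ["admins"], "access_token": "ya29.constructed", '
    '"id_token": "eyJ.constructed"};</script></html>'
)
SAMPLE_DENIED_BODY = '{"detail": "Not authenticated"}'

if __name__ == "__main__":
    if len(sys.argv) == 2:
        print(json.dumps(probe(sys.argv[1]), indent=2))
    else:
        print(classify_sso_debug_response(200, SAMPLE_LEAKY_BODY))
        print(classify_sso_debug_response(401, SAMPLE_DENIED_BODY))
```

Run it as python check.py https://litellm.example.internal against a host you are authorised to test. A "reachable" verdict (200 without markers) still deserves a manual look, since the page layout may not match the markers; "auth_required" or "absent" on both paths is the expected result on a patched or locked-down proxy.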
Mitigation Strategies

The fix is to upgrade LiteLLM to a release later than 1.82.2 that contains the patch.

If upgrading is not immediately possible, restrict access to the /sso/debug/login and /sso/debug/callback endpoints by implementing proper authentication or network-level access controls.

Disable or remove the SSO debug endpoints from production environments to prevent unauthorized access.

Review any use of return_raw_sso_response=True and disable it so that raw OAuth tokens are not returned.

Monitor your systems for suspicious activity related to these endpoints and consider applying web application firewall (WAF) rules to block malicious requests.
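
One way to apply the interim controls above (block or gate the debug endpoints until the upgrade lands), as an added example that is not LiteLLM's own mechanism: an ASGI wrapper placed in front of the proxy application, which assumes the proxy is served as an ASGI app (LiteLLM's proxy is built on FastAPI). In "disable" mode every request under /sso/debug returns 404, as if the routes were removed; in "require_key" mode the request must present a bearer key, compared in constant time. The upstream app, simulate() driver and ADMIN_KEY are constructed for the example; a path rule in the TLS-terminating reverse proxy achieves the same effect at the network layer.

```python
import asyncio
import hmac

# Matched as a prefix without a trailing slash so that the bare path and any
# sub-path are both covered.
DEBUG_PREFIX = "/sso/debug"


class GuardSsoDebug:
    """ASGI wrapper: 404 for /sso/debug* in 'disable' mode; in 'require_key'
    mode the request needs 'Authorization: Bearer <admin_key>' or gets 401.
    Requests outside the prefix pass through untouched."""

    def __init__(self, app, mode="disable", admin_key=None):
        if mode not in ("disable", "require_key"):
            raise ValueError("mode must be 'disable' or 'require_key'")
        if mode == "require_key" and not admin_key:
            raise ValueError("require_key mode needs a non-empty admin_key")
        self.app, self.mode, self.admin_key = app, mode, admin_key

    def _authorized(self, scope) -> bool:
        expected = ("Bearer " + self.admin_key).encode()
        # ASGI header names are lowercase bytes; compare in constant time.
        for name, value in scope.get("headers", []):
            if name == b"authorization":
                return hmac.compare_digest(value, expected)
        return False

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http" and scope["path"].startswith(DEBUG_PREFIX):
            if self.mode == "disable":
                await _respond(send, 404, b"Not Found")
                return
            if not self._authorized(scope):
                await _respond(send, 401, b"Unauthorized")
                return
        await self.app(scope, receive, send)


async def _respond(send, status: int, body: bytes):
    await send({"type": "http.response.start", "status": status,
                "headers": [(b"content-type", b"text/plain"),
                            (b"content-length", str(len(body)).encode())]})
    await send({"type": "http.response.body", "body": body})


# Stand-in for the real proxy app (constructed): answers 200 to everything,
# including the debug endpoints, like an unpatched build would.
async def upstream(scope, receive, send):
    await _respond(send, 200, b"upstream handled " + scope["path"].encode())


def simulate(app, path: str, headers: dict = None) -> tuple:
    """Drive an ASGI app with a minimal HTTP scope; returns (status, body)."""
    hdrs = [(k.lower().encode(), v.encode()) for k, v in (headers or {}).items()]
    scope = {"type": "http", "method": "GET", "path": path, "headers": hdrs}
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    asyncio.run(app(scope, receive, send))
    status = next(m["status"] for m in sent if m["type"] == "http.response.start")
    body = b"".join(m.get("body", b"") for m in sent if m["type"] == "http.response.body")
    return status, body


ADMIN_KEY = "sk-constructed-example-key"  # placeholder, not a real secret
disabled = GuardSsoDebug(upstream, mode="disable")
gated = GuardSsoDebug(upstream, mode="require_key", admin_key=ADMIN_KEY)

if __name__ == "__main__":
    print(simulate(disabled, "/sso/debug/login"))
    print(simulate(gated, "/sso/debug/callback"))
    print(simulate(gated, "/sso/debug/callback", {"Authorization": "Bearer " + ADMIN_KEY}))
    print(simulate(gated, "/health"))
```

Prefer "disable" in production: the page's own guidance is to remove the debug endpoints there, and a gate still leaves the raw-token behaviour reachable by anyone holding the key.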

Compliance Impact

The vulnerability in BerriAI litellm up to version 1.82.2 allows unauthenticated access to sensitive user data through the SSO debug endpoints: OAuth user-profile information such as email addresses and group memberships, and raw OAuth tokens for Google and Microsoft SSO setups.

This exposure of sensitive personal data without authentication can lead to violations of data protection regulations like GDPR, which mandates strict controls over personal data access and processing.

Furthermore, the reflected cross-site scripting (XSS) vulnerability could enable attackers to steal session cookies and impersonate users, potentially compromising confidentiality and integrity of protected health information, which may impact HIPAA compliance.

Overall, the vulnerability undermines authentication and data protection controls required by common standards and regulations, increasing the risk of unauthorized data disclosure and misuse.
