Executive Summary

CVE-2026-12799 is a security vulnerability in BerriAI litellm (up to version 1.82.2) that results from an incomplete fix of a previous issue (CVE-2025-0628). The vulnerability exists in the function ui_view_users within the LiteLLM proxy system, specifically due to a misconfigured routing whitelist in the `/user/filter/ui` endpoint. This misconfiguration allows low-privileged authenticated users, such as those with the internal_user_viewer role, to bypass authorization checks.

As a result, attackers can enumerate all user IDs and email addresses across the system, including those of administrators and users from other organizations. This happens because the endpoint lacks proper role-based access control (RBAC) validation, enabling unauthorized access to sensitive user data.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to significant information disclosure by allowing unauthorized users to access sensitive user data such as user IDs and email addresses. In multi-tenant environments, this can cause data isolation breaches, exposing information across different organizations.

The exposure of this information increases the risk of phishing attacks and further exploitation through Insecure Direct Object References (IDOR) vulnerabilities. Attackers can leverage the leaked data to target users or escalate their privileges.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to access the misconfigured endpoint `/user/filter/ui` with an authenticated user account that has minimal privileges, such as `internal_user_viewer`. If the endpoint returns a list of user IDs and email addresses, including those of administrators and users from other organizations, it indicates the presence of the vulnerability.

A practical detection method is to send an HTTP request to the vulnerable endpoint and observe the response for unauthorized user data exposure.

Example command using curl to test the endpoint (replace <token> with a valid authentication token):

• curl -H "Authorization: Bearer <token>" https://<target-host>/user/filter/ui

If the response contains user information beyond what the authenticated user should access, the vulnerability is present.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the `/user/filter/ui` endpoint by implementing proper role-based access control (RBAC) to ensure only authorized users can access sensitive user data.

Review and correct the routing whitelist configuration to remove the `/user/filter/ui` endpoint from the `info_routes` list if it is not intended to be publicly or broadly accessible.

Apply any available patches or updates from the vendor addressing this incomplete fix for CVE-2025-0628.

In the absence of an immediate patch, consider disabling or restricting the vulnerable component or endpoint until a fix is applied.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows low-privileged users to bypass authorization checks and access sensitive user data, including user IDs and email addresses across the system. Such unauthorized disclosure of personal and potentially sensitive information can lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls over access to personal data and require organizations to protect user privacy and confidentiality.

The exposure of sensitive information and potential data isolation breaches in multi-tenant environments increase the risk of non-compliance with these standards, as they require proper role-based access control and data segregation to prevent unauthorized data access.

Useful 0 Not Useful 0