CVE-2026-49468
Modified Modified - Updated After Analysis

Remote Code Execution in LiteLLM Proxy Server

Vulnerability report for CVE-2026-49468, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-22

Last updated on: 2026-07-08

Assigner: GitHub, Inc.

Description

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, a Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from request.url.path in litellm/proxy/auth/auth_utils.py::get_request_route(), which Starlette reconstructs from the Host header. A crafted Host could therefore make the auth gate evaluate a different route from the one FastAPI dispatched. This vulnerability is fixed in 1.84.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-22
Last Modified
2026-07-08
Generated
2026-07-13
AI Q&A
2026-06-23
EPSS Evaluated
2026-07-11
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
litellm litellm to 1.84.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-290 This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability affects LiteLLM, a proxy server that acts as an AI Gateway to call large language model (LLM) APIs in OpenAI or native format. The issue existed in versions prior to 1.84.0 and was fixed in version 1.84.0.

The vulnerability is severe, with a CVSS v4.0 base score of 9.5, indicating it is highly exploitable and impactful.

Impact Analysis

Given the high CVSS score of 9.5, this vulnerability can have a critical impact. It likely allows an attacker to exploit the LiteLLM proxy server remotely without privileges or user interaction, potentially leading to severe consequences such as complete compromise of the system or data.

Mitigation Strategies

The vulnerability in LiteLLM is fixed in version 1.84.0. To mitigate this vulnerability, you should immediately upgrade your LiteLLM installation to version 1.84.0 or later.

Compliance Impact

The vulnerability in LiteLLM allows unauthenticated access to protected management routes due to an authentication bypass via Host-header manipulation. This critical flaw can lead to unauthorized access, impacting confidentiality, integrity, and availability of the system.

Such unauthorized access and potential data exposure could negatively affect compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on access to sensitive data and systems.

However, the vulnerability is mitigated in many deployments by upstream components that validate or normalize the Host header, and it is fully patched in version 1.84.0.

Detection Guidance

CVE-2026-49468 is an authentication bypass vulnerability in LiteLLM proxy versions prior to 1.84.0 caused by a Host-header parsing issue. Detection involves monitoring for suspicious or crafted Host headers that attempt to manipulate authentication by bypassing the auth gate.

Since the vulnerability exploits the Host header to bypass authentication, you can detect attempts by capturing and inspecting HTTP requests to the LiteLLM proxy for unusual or unexpected Host header values.

Suggested commands to detect potential exploitation attempts include using network packet capture tools like tcpdump or tshark to filter HTTP traffic to the proxy and grep for suspicious Host headers.

  • tcpdump -i <interface> -A -s 0 'tcp port <proxy_port>' | grep -i 'Host:'
  • tshark -i <interface> -Y 'http.host' -T fields -e http.host

Additionally, reviewing proxy logs for requests with unexpected Host header values or authentication bypass patterns can help identify exploitation attempts.

If upgrading to version 1.84.0 is not immediately possible, placing the proxy behind an upstream component that validates or normalizes the Host header (such as a CDN, WAF, or reverse proxy with allowlists) can help mitigate the risk and assist in detection.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49468. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart