CVE-2026-30623
Received Received - Intake

Remote Code Execution in LiteLLM MCP Server

Vulnerability report for CVE-2026-30623, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-15

Last updated on: 2026-07-15

Assigner: MITRE

Description

LiteLLM 1.18.10 contains a remote code execution vulnerability in its MCP server creation functionality. The application allows users to add MCP servers via a JSON configuration specifying arbitrary command and args values. LiteLLM executes these values on the host without validation, enabling attackers to run arbitrary operating system commands. Successful exploitation may result in remote code execution with the privileges of the LiteLLM process.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-15
Last Modified
2026-07-15
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
litellm litellm 1.18.10

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

LiteLLM 1.18.10 has a remote code execution vulnerability in its MCP server creation feature. The application lets users add MCP servers using a JSON config that specifies arbitrary command and args values. LiteLLM runs these values on the host without checking them, allowing attackers to execute any operating system commands. This could lead to remote code execution with the same permissions as the LiteLLM process.

Impact Analysis

If you use LiteLLM 1.18.10, an attacker could exploit this to run malicious commands on your system. This may allow them to take control of your server, steal data, install malware, or disrupt services. The impact depends on the permissions of the LiteLLM process.

Compliance Impact

This vulnerability could lead to unauthorized access or data breaches, violating GDPR and HIPAA requirements for data protection and security. Organizations using LiteLLM 1.18.10 may face compliance violations, legal penalties, and reputational damage if exploited.

Detection Guidance

Check LiteLLM configuration files for MCP server entries with arbitrary command and args values. Inspect running processes for unexpected LiteLLM instances with suspicious command-line arguments.

Mitigation Strategies

Upgrade LiteLLM to a patched version. Disable MCP server creation if not needed. Restrict LiteLLM process permissions to limit damage from potential exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30623. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart