CVE-2026-35030
LiteLLM has an authentication bypass via OIDC userinfo cache key collision
Vexday Risk Score
48 (Attention)
SSVC decision (CISA)
Attend
PoC available → monitor closely
CVSS 9.4 · EPSS 0.4% · KEV: no · Public PoC · Nuclei — · Metasploit — · Patch —
Lifecycle
06 Apr 2026: Published in NVD
19 May 2026: Public PoC
Recommendation: plan remediation soon; a public PoC already exists.
LiteLLM is a proxy server (AI Gateway) for calling LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses the first 20 characters of the bearer token (token[:20]) as the cache key. JWT headers produced by the same signing algorithm encode to identical first 20 characters, so the key does not distinguish one user's token from another's. This configuration option is not enabled by default, and most instances are not affected. An unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token; on a cache hit, the attacker inherits that user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled. Fixed in v1.83.0.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
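The following is an added illustration, not LiteLLM's code, of why a token prefix is a bad cache key and how a defender-side fix looks. It builds two constructed, unsigned JWT-shaped strings that share only a header, shows that their first 20 characters are identical, and contrasts a cache keyed on `token[:20]` with one keyed on a SHA-256 hash of the whole token. The class and function names are hypothetical.

```python
import base64
import hashlib
import json
from typing import Dict, Optional


def _b64url(data: bytes) -> str:
    """base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict, alg: str = "RS256") -> str:
    """Constructed sample: a JWT-shaped string with a fixed placeholder
    signature. It is only used to show how the encoded header looks."""
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"},
                                separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}.signature-placeholder"


class PrefixKeyedUserinfoCache:
    """Hypothetical reconstruction of the weak pattern: the cache key is
    the first 20 characters of the token, which is entirely inside the
    base64url-encoded header and therefore shared by every token that
    uses the same header."""

    def __init__(self) -> None:
        self._store: Dict[str, dict] = {}

    def key(self, token: str) -> str:
        return token[:20]

    def get(self, token: str) -> Optional[dict]:
        return self._store.get(self.key(token))

    def put(self, token: str, userinfo: dict) -> None:
        self._store[self.key(token)] = userinfo


class HashKeyedUserinfoCache(PrefixKeyedUserinfoCache):
    """Hardened variant: key on a digest of the full token string, so only
    the identical token hits, and the raw bearer token is never stored
    as a cache key."""

    def key(self, token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()


def common_prefix_length(a: str, b: str) -> int:
    """Number of leading characters two strings share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def demo() -> dict:
    """Populate both caches with alice's token, then look up a different
    token that shares only the header. Returns what each cache answers."""
    alice = make_unsigned_token({"sub": "alice", "email": "alice@example.com"})
    other = make_unsigned_token({"sub": "someone-else"})

    weak = PrefixKeyedUserinfoCache()
    strong = HashKeyedUserinfoCache()
    userinfo = {"sub": "alice", "email": "alice@example.com"}
    weak.put(alice, userinfo)
    strong.put(alice, userinfo)

    return {
        "shared_prefix": common_prefix_length(alice, other),
        "prefix_collides": alice[:20] == other[:20],
        "weak_hit": weak.get(other),      # returns alice's userinfo
        "strong_hit": strong.get(other),  # returns None
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The encoded `{"alg":"RS256","typ":"JWT"}` header alone is 36 characters, so the 20-character prefix never reaches the payload or signature. Keying on a digest of the whole token closes the collision; independently of the cache key, userinfo should only be cached after the token's signature has been verified, so that an unverified token can never populate or be served from the cache.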
Affected products
BerriAI · litellm
Public PoCs found: 1
github: github.com/learner202649/CVE-2026-35030-PoC (★ 0)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.