CVE-2026-35029
EPSS 19.4%LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
Description
### Impact The `/config/update endpoint` does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following: - Modify proxy configuration and environment variables - Register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution - Read arbitrary server files by setting UI_LOGO_PATH and fetching via /get_image - Take over other priveleged accounts by overwriting UI_USERNAME and UI_PASSWORD environment variables ### Patches Fixed in v1.83.0. The endpoint now requires `proxy_admin` role. ### Workarounds Restrict API key distribution. There is no configuration-level workaround.
Affected packages (1)
- PyPI/litellmfrom 0, < 1.83.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N |