CVE-2026-49468
LiteLLM: Authentication Bypass via Host Header Injection
Description
### Impact

A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes. The auth layer derived the effective route from `request.url.path` in `litellm/proxy/auth/auth_utils.py::get_request_route()`. Starlette reconstructs `request.url` from the `Host` header and the request path, so a crafted `Host` could make the auth gate evaluate a different route from the one FastAPI actually dispatched.

**Most deployments are not affected.** The bypass is blocked by any upstream layer that validates or normalizes `Host`, such as:

- a CDN or WAF, such as Cloudflare
- a reverse proxy with `server_name` allowlists
- a host-based load balancer

**LiteLLM Cloud customers are not affected.**

### Patches

Fixed in **`1.84.0`**. Upgrade to `1.84.0` or later. No configuration change is required.

### Workarounds

If upgrading is not immediately possible, place the proxy behind an upstream component that validates or normalizes the `Host` header before forwarding (a CDN/WAF, a reverse proxy with explicit `server_name` allowlists, or a cloud load balancer with host-based routing rules), or otherwise restrict network access to the proxy listener.

### References

- Patched release: [`v1.84.0`](https://github.com/BerriAI/litellm/releases/tag/v1.84.0)

**Discovery Credit**: Le The Thang (KCSC) and Kim Ngoc Chung (One Mount Group)
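As an added illustration of the mechanism the advisory describes (example code written for this page, not LiteLLM's or Starlette's own code), the block below rebuilds a URL from the `Host` header the way an ASGI framework's `request.url` might, then compares the path that comes out of re-parsing that string with the ASGI scope path the router matched on. The route table, the constructed `Host` values, the `scope_path` hardening and the `host_allowed` allowlist check are assumptions for the illustration; they do not reproduce LiteLLM's real route list or its actual patch.

```python
"""Added example for this advisory; it is not LiteLLM's or Starlette's code.

It reproduces, with the standard library only, the mechanism the advisory
describes: a URL rebuilt as scheme + Host header + path and then re-parsed,
so metacharacters in Host can move the URL boundaries and change `.path`,
while the ASGI scope path the router dispatched on is unchanged. The route
table, the Host values and the hardening below are constructed for
illustration (assumptions, not LiteLLM's real routes or its actual patch).
"""
from typing import Callable, Optional, Set, Tuple
from urllib.parse import urlsplit

# Assumed route table: management routes need a key, these two do not.
PUBLIC_ROUTES = {"/", "/health"}
MANAGEMENT_PREFIXES = ("/key/", "/user/", "/team/")


def make_scope(path: str, host: Optional[str]) -> dict:
    """Minimal ASGI HTTP scope carrying a raw Host header (constructed input)."""
    headers = [(b"host", host.encode("latin-1"))] if host is not None else []
    return {"type": "http", "scheme": "http", "root_path": "",
            "path": path, "query_string": b"", "headers": headers}


def _host_header(scope: dict) -> Optional[str]:
    return next((v.decode("latin-1") for k, v in scope["headers"] if k == b"host"), None)


def host_reconstructed_path(scope: dict) -> str:
    """Path as seen through a Host-reconstructed URL (assumed to approximate
    Starlette's URL(scope=...) shape: join the pieces into one string, then
    urlsplit it). The ASGI path is only a suffix of that string, so '?', '#'
    or '/' inside Host shift where urlsplit ends the authority component."""
    host = _host_header(scope)
    path = scope.get("root_path", "") + scope["path"]
    url = f"{scope['scheme']}://{host}{path}" if host is not None else path
    return urlsplit(url).path


def scope_path(scope: dict) -> str:
    """Hardened route source: the path the ASGI router actually matched.
    Assumed hardening for this example; not necessarily the project's fix."""
    return scope.get("root_path", "") + scope["path"]


def needs_auth(route: str) -> bool:
    return route not in PUBLIC_ROUTES and route.startswith(MANAGEMENT_PREFIXES)


def gate(scope: dict, route_source: Callable[[dict], str]) -> Tuple[str, bool]:
    """Return (route the auth gate evaluated, whether it would demand a key)."""
    route = route_source(scope)
    return route, needs_auth(route)


def host_allowed(scope: dict, allowlist: Set[str]) -> bool:
    """Equivalent of the upstream workaround: accept only an exact Host value
    (with port if you serve one) from a closed allowlist. A Host carrying a
    URL metacharacter is never in the list, so it is rejected before routing."""
    host = _host_header(scope)
    return host is not None and host in allowlist


if __name__ == "__main__":
    allow = {"proxy.internal", "proxy.internal:4000"}
    for host in ("proxy.internal", "proxy.internal?", "proxy.internal/health"):
        scope = make_scope("/key/generate", host)
        seen_url, auth_url = gate(scope, host_reconstructed_path)
        seen_asgi, auth_asgi = gate(scope, scope_path)
        print(f"Host={host!r:26} allowed={host_allowed(scope, allow)!s:5} "
              f"url.path={seen_url!r:22} auth={auth_url!s:5} "
              f"scope.path={seen_asgi!r} auth={auth_asgi}")
```

Running the file prints one line per constructed `Host` value with the two derived paths and the two auth decisions side by side: the scope path says `/key/generate` every time, while the reconstructed path collapses to an empty string or gains a `/health` prefix and the gate stops asking for a key. The allowlist check is the in-process counterpart of the advisory's upstream mitigations: because `Host` is compared against a closed set, a request with a metacharacter in it never reaches the URL reconstruction at all.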
How to patch CVE-2026-49468
To patch CVE-2026-49468, upgrade the affected package to the patched version listed below.
- — upgrade to 1.84.0 or later
Is CVE-2026-49468 being exploited?
There is currently no exploitation signal: CVE-2026-49468 is not in the CISA KEV catalog and has no recent EPSS score.
Affected packages (1)
- from 0, < 1.84.0 (every release before 1.84.0)
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |

The `AT:P` (Attack Requirements: Present) component of the vector records the precondition the advisory states: the proxy listener must be reachable without an upstream layer that validates or normalizes `Host`.