{"data":{"id":"035082fb-ec82-431f-9432-785c462c8991","title":"CVE-2026-30623: LiteLLM 1.18.10 contains a remote code execution vulnerability in its MCP server creation functionality. The application","summary":"LiteLLM version 1.18.10 has a remote code execution vulnerability in its MCP server creation feature, where the application accepts JSON configuration files with arbitrary command and args values and executes them without checking if they're safe, allowing attackers to run unauthorized operating system commands with the privileges of the LiteLLM process.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-30623","publishedAt":"2026-07-15T22:16:46.317Z","cveId":"CVE-2026-30623","cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LiteLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-15T22:16:46.317Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}