{"data":{"id":"c57dc938-18b1-43b1-a5cc-2844e859e4b0","title":"GHSA-53mr-6c8q-9789: LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint","summary":"LiteLLM had a security flaw where an authenticated user could access a configuration endpoint (`/config/update`) without needing admin permissions, allowing them to modify settings, run malicious code, read files, or take over admin accounts. The vulnerability could be exploited by any user who already had login access to the system.","solution":"Fixed in v1.83.0: the endpoint now requires the `proxy_admin` role. There is no configuration-level workaround; until you can upgrade, reduce exposure by restricting API key distribution.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-53mr-6c8q-9789","publishedAt":"2026-04-03T21:59:31.000Z","cveId":"CVE-2026-35029","cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":["litellm@< 1.83.0 (fixed: 1.83.0)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["LiteLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-04-03T21:59:31.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}