{"data":{"id":"d6c3db4f-9a84-4fc0-bb41-e65c031538f1","title":"CVE-2026-59821: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.82.0-stable, LiteLLM's ","summary":"LiteLLM is a proxy server (a middleman program that forwards requests to different AI language model services) that had a security flaw in versions before 1.82.0-stable. Privileged users could upload custom Python code (a programming language) to create or update guardrails (safety filters), but this code wasn't properly sandboxed (isolated from the rest of the system) and could expose secrets (sensitive credentials) stored in the server's memory. The vulnerability affected the production create and update paths but not the test endpoint.","solution":"Update to LiteLLM version 1.82.0-stable or later, where this issue is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-59821","publishedAt":"2026-07-08T20:16:57.547Z","cveId":"CVE-2026-59821","cweIds":["CWE-94"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LiteLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-08T20:16:57.547Z","capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}