CVE-2026-59822: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, LiteLLM's MCP Str
Summary
LiteLLM is a proxy server (an intermediary that forwards requests to AI language model APIs) that had a security flaw before version 1.84.0 where attackers could fake an Authorization header to bypass authentication checks and access AI tools without a valid LiteLLM key. The vulnerability affected the MCP Streamable HTTP endpoint (a network interface for handling streaming data) and allowed unauthenticated requests to reach protected systems.
Solution / Mitigation
Update LiteLLM to version 1.84.0 or later, where this issue is fixed.
Vulnerability Details
EPSS: 0.0%
July 8, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-59822
First tracked: July 8, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 92%