GHSA-jjhc-v7c2-5hh6: LiteLLM: Authentication bypass via OIDC userinfo cache key collision
Summary
LiteLLM had a security flaw where JWT authentication (a method to verify user identity using encoded tokens) could be bypassed through a cache key collision. When JWT authentication was enabled, the system only used the first 20 characters of a token as a cache key, and since different tokens from the same signing algorithm could have identical first 20 characters, an attacker could create a fake token matching a legitimate user's cached token and gain their permissions. The flaw only affects deployments with JWT/OIDC authentication explicitly enabled, which is not the default configuration.
Solution / Mitigation
Fixed in v1.83.0, where the cache key now uses the full hash of the JWT token instead of just the first 20 characters. Alternatively, disable OIDC userinfo caching by setting the cache TTL to 0, or disable JWT authentication entirely.
Vulnerability Details
EPSS: 0.0%
Yes
April 3, 2026
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://github.com/advisories/GHSA-jjhc-v7c2-5hh6
First tracked: April 3, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%