CVE-2026-47102: LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint c
Summary
LiteLLM versions before 1.83.10 contain a vulnerability that lets a user change their own role to proxy_admin (an administrative role) through the /user/update endpoint, giving them full control over the system, including all users, teams, and API keys. A user holding only org_admin privileges can exploit this flaw directly, without chaining it with any other attack.
Solution / Mitigation
Update LiteLLM to version 1.83.10 or later.
Vulnerability Details
CVSS base score: 8.8 (high)
EPSS: 0.0%
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: network
Attack complexity: low
Privileges required: low
User interaction: none
Date: May 21, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-47102
First tracked: May 21, 2026 at 08:10 PM
Classified by LLM (prompt v3) · confidence: 95%