{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12770", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-06-20T09:26:17.378Z", "datePublished": "2026-06-21T00:15:08.657Z", "dateUpdated": "2026-06-22T18:12:38.503Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-21T04:30:35.530Z"}, "title": "BerriAI litellm Admin Key key_management_endpoints.py improper authorization", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-285", "lang": "en", "description": "Improper Authorization"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "BerriAI", "product": "litellm", "versions": [{"version": "1.63.0", "status": "affected"}, {"version": "1.63.1", "status": "affected"}], "cpes": ["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"], "modules": ["Admin Key Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-06-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-06-20T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-06-21T06:35:25.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-c (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/372512", "name": "VDB-372512 | BerriAI litellm Admin Key key_management_endpoints.py improper authorization", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/372512/cti", "name": "VDB-372512 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-12770", "name": "CVE-2026-12770 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/811279", "name": "Submit #811279 | litellm <= 1.63.1 Improper Authorization (CWE-285)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/993c68152b2c770d53590f1684c755d4", "tags": ["exploit"]}, {"url": "https://github.com/BerriAI/litellm/pull/23781", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/BerriAI/litellm/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-22T17:55:24.067237Z", "id": "CVE-2026-12770", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T18:12:38.503Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-12770", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-22T17:55:24.067237Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T17:55:31.163Z"}}], "cna": {"title": "BerriAI litellm Admin Key key_management_endpoints.py improper authorization", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-c (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"], "vendor": "BerriAI", "modules": ["Admin Key Handler"], "product": "litellm", "versions": [{"status": "affected", "version": "1.63.0"}, {"status": "affected", "version": "1.63.1"}]}], "timeline": [{"lang": "en", "time": "2026-06-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-06-20T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-06-21T06:35:25.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/372512", "name": "VDB-372512 | BerriAI litellm Admin Key key_management_endpoints.py improper authorization", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/372512/cti", "name": "VDB-372512 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-12770", "name": "CVE-2026-12770 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/811279", "name": "Submit #811279 | litellm <= 1.63.1 Improper Authorization (CWE-285)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/993c68152b2c770d53590f1684c755d4", "tags": ["exploit"]}, {"url": "https://github.com/BerriAI/litellm/pull/23781", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/BerriAI/litellm/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-285", "description": "Improper Authorization"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-21T04:30:35.530Z"}}}, "cveMetadata": {"cveId": "CVE-2026-12770", "state": "PUBLISHED", "dateUpdated": "2026-06-22T18:12:38.503Z", "dateReserved": "2026-06-20T09:26:17.378Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-06-21T00:15:08.657Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "litellm: BerriAI litellm: Improper authorization vulnerability in Admin Key Handler", "id": "2491100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491100"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-266", "details": ["A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure.", "A flaw was found in BerriAI litellm. A remote attacker could exploit an improper authorization vulnerability within the Admin Key Handler component. This could allow the attacker to perform unauthorized actions, leading to limited impacts on data integrity and service availability."], "name": "CVE-2026-12770", "package_state": [{"cpe": "cpe:/a:redhat:exploit_intelligence:0", "fix_state": "Not affected", "package_name": "exploit-intelligence-tech-preview/vulnerability-analysis-rhel9", "product_name": "Exploit Intelligence"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-26/lightspeed-chatbot-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "ansible-automation-platform-27/lightspeed-chatbot-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-llama-stack-core-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-06-21T00:15:08Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-12770\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-12770\nhttps://gist.github.com/YLChen-007/993c68152b2c770d53590f1684c755d4\nhttps://vuldb.com/cve/CVE-2026-12770\nhttps://vuldb.com/submit/811279\nhttps://vuldb.com/vuln/372512\nhttps://vuldb.com/vuln/372512/cti"], "statement": "Red Hat products that include litellm as a dependency use it as a library for LLM API routing and do not expose the litellm proxy server's admin key management endpoints (/key/block, /key/unblock). The vulnerable code path in the Admin Key Handler component is not reachable in the way litellm is deployed within Red Hat products. Additionally, all shipped versions (1.75.8 and later) are above the affected version range (<= 1.63.1).", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.63.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.63.1"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "litellm", "source": "cna", "vendor": "BerriAI"}, "product": "litellm", "vendor": "berriai"}], "created": "2026-06-21T09:30:09.167745+00:00", "updated": "2026-06-21T20:45:04.541238+00:00", "vendors": ["berriai", "berriai$PRODUCT$litellm"]}