{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12796", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-06-20T17:12:15.581Z", "datePublished": "2026-06-21T09:00:09.028Z", "dateUpdated": "2026-06-22T18:12:18.953Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-21T09:00:09.028Z"}, "title": "BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-613", "lang": "en", "description": "Session Expiration"}]}], "affected": [{"vendor": "BerriAI", "product": "litellm", "versions": [{"version": "1.82.0", "status": "affected"}, {"version": "1.82.1", "status": "affected"}, {"version": "1.82.2", "status": "affected"}], "cpes": ["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"], "modules": ["SSO Authentication Flow"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-06-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-06-20T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-06-20T19:17:33.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-c (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/372558", "name": "VDB-372558 | BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/372558/cti", "name": "VDB-372558 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-12796", "name": "CVE-2026-12796 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/811287", "name": "Submit #811287 | litellm <= 1.82.2 Insufficient Session Expiration (CWE-613)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/5fa8af12e1b183674d7ca96d852fb697", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-22T18:07:39.063864Z", "id": "CVE-2026-12796", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T18:12:18.953Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-12796", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-22T18:07:39.063864Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T18:08:22.622Z"}}], "cna": {"title": "BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-c (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"], "vendor": "BerriAI", "modules": ["SSO Authentication Flow"], "product": "litellm", "versions": [{"status": "affected", "version": "1.82.0"}, {"status": "affected", "version": "1.82.1"}, {"status": "affected", "version": "1.82.2"}]}], "timeline": [{"lang": "en", "time": "2026-06-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-06-20T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-06-20T19:17:33.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/372558", "name": "VDB-372558 | BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/372558/cti", "name": "VDB-372558 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-12796", "name": "CVE-2026-12796 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/811287", "name": "Submit #811287 | litellm <= 1.82.2 Insufficient Session Expiration (CWE-613)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/5fa8af12e1b183674d7ca96d852fb697", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "Session Expiration"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-21T09:00:09.028Z"}}}, "cveMetadata": {"cveId": "CVE-2026-12796", "state": "PUBLISHED", "dateUpdated": "2026-06-22T18:12:18.953Z", "dateReserved": "2026-06-20T17:12:15.581Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-06-21T09:00:09.028Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "litellm: litellm: Session expiration vulnerability in SSO Authentication Flow", "id": "2491143", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491143"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-613", "details": ["A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.", "A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the `get_redirect_response_from_openid` function within the SSO Authentication Flow component. This manipulation leads to session expiration, potentially causing a denial of service for authenticated users."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-12796", "package_state": [{"cpe": "cpe:/a:redhat:exploit_intelligence:0", "fix_state": "Fix deferred", "package_name": "exploit-intelligence-tech-preview/vulnerability-analysis-rhel9", "product_name": "Exploit Intelligence"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/lightspeed-chatbot-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-27/lightspeed-chatbot-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-llama-stack-core-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Under investigation", "package_name": "rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-06-21T09:00:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-12796\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-12796\nhttps://gist.github.com/YLChen-007/5fa8af12e1b183674d7ca96d852fb697\nhttps://vuldb.com/cve/CVE-2026-12796\nhttps://vuldb.com/submit/811287\nhttps://vuldb.com/vuln/372558\nhttps://vuldb.com/vuln/372558/cti"], "statement": "This Moderate flaw in BerriAI litellm allows a remote attacker to trigger session expiration within the SSO Authentication Flow, leading to a denial of service for authenticated users.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.82.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.82.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.82.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "litellm", "source": "cna", "vendor": "BerriAI"}, "product": "litellm", "vendor": "berriai"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "litellm", "vendor": "litellm"}], "created": "2026-06-21T17:00:10.304867+00:00", "updated": "2026-06-21T19:15:04.979928+00:00", "vendors": ["berriai", "berriai$PRODUCT$litellm", "litellm", "litellm$PRODUCT$litellm"]}