Platform: python
Component: litellm
Fixed in: 1.83.1, 1.83.0
CVE-2026-35030 describes an authentication bypass vulnerability in litellm, a Python library for LLM orchestration. An attacker can exploit this flaw to impersonate legitimate users and gain unauthorized access. The vulnerability affects versions of litellm up to and including 1.9.dev0, but the affected JWT authentication path is not enabled by default. A patch is available in version 1.83.0.
The core of this vulnerability lies in how litellm caches user information when JWT (JSON Web Token) authentication is enabled. Specifically, the cache key is derived from only the first 20 characters of the JWT. Because a JWT begins with its encoded header, which carries the signing algorithm and token type, tokens generated with the same signing algorithm share an identical prefix, so an attacker can present a token whose first 20 characters match a legitimate user's cached token. On a cache hit the cached identity is returned without the new token being verified, so the attacker effectively inherits the legitimate user's identity and associated permissions. The potential impact is significant, ranging from data breaches and unauthorized modifications to complete system compromise, depending on the permissions of the impersonated user.
This vulnerability was publicly disclosed on 2026-04-03. There is no indication of active exploitation at this time, and no public proof-of-concept (PoC) code has been released. The vulnerability has not been added to the CISA KEV catalog. Given the complexity of crafting a malicious JWT and the requirement for JWT authentication to be enabled, the probability of exploitation is currently considered low.
At risk are organizations using litellm with JWT/OIDC authentication enabled, particularly those with custom JWT generation logic or those relying on the library for critical access control. Shared hosting environments where multiple users share the same litellm instance and JWT authentication is enabled are also at increased risk.
• python / supply-chain:

```python
# Check whether JWT authentication is enabled in the litellm configuration file
with open('/path/to/litellm_config.py', 'r') as f:
    for line in f:
        if 'enable_jwt_auth' in line and 'True' in line:
            print('JWT authentication is enabled. Investigate further.')
```

• generic web:

```shell
# Inspect the headers returned by the endpoint. Note that a HEAD request only shows
# response headers; a request's own Authorization header is never echoed back, so this
# only surfaces authorization-related headers the proxy itself emits.
curl -I https://your-litellm-endpoint/ | grep 'Authorization: Bearer'
```

• generic web:

```shell
# Check access logs for unusual authentication attempts. This only finds anything if the
# log format records the Authorization header; the default nginx 'combined' format does not.
grep 'Authorization: Bearer' /var/log/nginx/access.log
```

Disclosure
Exploit status
EPSS: 0.08% (25th percentile)
The primary mitigation for CVE-2026-35030 is to upgrade to version 1.83.0 or later, which addresses the flawed cache key generation. If an immediate upgrade is not feasible due to compatibility concerns or breaking changes, consider temporarily disabling JWT authentication if it is not essential. Alternatively, implement stricter token validation rules to prevent the use of tokens with predictable prefixes. Monitor logs for unusual authentication patterns or attempts to access resources with unexpected identities. After upgrading, confirm the fix by attempting to authenticate with a crafted token and verifying that authentication fails.
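The following Python is an added illustration, not litellm's code (this page does not reproduce it), that models both the cache-key flaw described above and the post-upgrade check from the mitigation paragraph. It places a lookup keyed on the first 20 characters of the token beside one keyed on a hash of the full token, with signature and expiry verification before anything is cached. The secrets, the claims, the `Authenticator` class and the helper names are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Callable, Dict, Optional

# Constructed secrets for the illustration only; neither is a real key.
SERVER_SECRET = b"constructed-server-signing-secret"
UNTRUSTED_SECRET = b"constructed-untrusted-secret"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs256_jwt(claims: dict, secret: bytes) -> str:
    """Build a compact HS256 JWT with the standard {"alg":"HS256","typ":"JWT"} header."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(signature)}"


def verify_hs256_jwt(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if the HMAC signature and expiry are valid, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, signature = parts
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(signature)):
        return None
    claims = json.loads(_b64url_decode(payload))
    if claims.get("exp", 0) <= time.time():
        return None
    return claims


def weak_cache_key(token: str) -> str:
    # Models the flaw described in the advisory: only the first 20 characters of the token.
    return token[:20]


def strong_cache_key(token: str) -> str:
    # Hardened form: a digest of the whole token, so distinct tokens never share a key.
    return hashlib.sha256(token.encode()).hexdigest()


class Authenticator:
    """Constructed stand-in for a proxy that caches the identity resolved from a JWT."""

    def __init__(self, secret: bytes, cache_key: Callable[[str], str]) -> None:
        self.secret = secret
        self.cache_key = cache_key
        self.cache: Dict[str, str] = {}

    def authenticate(self, token: str) -> Optional[str]:
        key = self.cache_key(token)
        if key in self.cache:  # a cache hit short-circuits signature verification
            return self.cache[key]
        claims = verify_hs256_jwt(token, self.secret)
        if claims is None:
            return None
        self.cache[key] = claims["sub"]
        return claims["sub"]


def rejects_untrusted_after_warmup(auth: Authenticator, trusted: str, untrusted: str) -> bool:
    """Post-upgrade check: warm the cache with a valid token, then confirm that a token
    signed with a key the server does not trust is refused rather than served from cache."""
    if auth.authenticate(trusted) is None:
        return False
    return auth.authenticate(untrusted) is None


def demo() -> Dict[str, bool]:
    exp = int(time.time()) + 3600
    trusted = make_hs256_jwt({"sub": "alice", "exp": exp}, SERVER_SECRET)
    # Signed with a key the server does not trust, yet it starts with the same encoded header.
    untrusted = make_hs256_jwt({"sub": "mallory", "exp": exp}, UNTRUSTED_SECRET)
    return {
        "same_20_char_prefix": trusted[:20] == untrusted[:20],
        "prefix_keyed_cache_rejects_untrusted": rejects_untrusted_after_warmup(
            Authenticator(SERVER_SECRET, weak_cache_key), trusted, untrusted),
        "hash_keyed_cache_rejects_untrusted": rejects_untrusted_after_warmup(
            Authenticator(SERVER_SECRET, strong_cache_key), trusted, untrusted),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The prefix-keyed variant returns the cached identity for the second token because its first 20 characters are the shared header, so the post-upgrade check fails; the hash-keyed variant misses the cache, verifies the signature, and refuses the token. A real cache keyed on the full token also needs an expiry no later than the token's `exp` claim, otherwise a hit can outlive the token.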
Update LiteLLM to version 1.83.0 or later to fix the authentication bypass vulnerability. This update corrects how OIDC cache keys are managed and prevents attackers from exploiting token collisions to access privileged resources.
CVE-2026-35030 is a critical vulnerability in litellm versions ≤1.9.dev0 that allows attackers to bypass JWT authentication by crafting tokens that match cached user identities, potentially gaining unauthorized access.
You are affected if you are using litellm version 1.9.dev0 or earlier and have JWT/OIDC authentication enabled. Most instances are not affected as JWT authentication is not enabled by default.
Upgrade to version 1.83.0 or later. Alternatively, disable JWT authentication if it's not essential for your application.
There is currently no evidence of active exploitation in the wild, and no public proof-of-concept code has been released.
Refer to the litellm GitHub repository for updates and advisories: [https://github.com/litellm/litellm](https://github.com/litellm/litellm)