Severity: HIGH · CVE-2026-35029 · CVSS 7.5

CVE-2026-35029: Privilege Escalation in LiteLLM

Platform: python
Component: litellm
Fixed in: 1.83.0

AI Confidence: high · NVD · EPSS 0.2% · Reviewed: May 2026

CVE-2026-35029 describes a Privilege Escalation vulnerability within LiteLLM, a Python library. This flaw allows authenticated users to bypass authorization checks on the /config/update endpoint, granting them unauthorized access to modify critical system settings. Affected versions include those from 0.0.0 up to, but not including, version 1.83.0. A patch has been released in version 1.83.0.


Impact and Attack Scenarios

The /config/update endpoint in LiteLLM lacks proper admin role authorization, creating a significant security risk. An attacker who has already authenticated to the platform (any valid, non-admin credential) can use this to modify proxy configuration and environment variables, effectively controlling the application's behavior. More critically, they can register custom pass-through endpoint handlers, allowing them to execute arbitrary Python code on the server, which amounts to Remote Code Execution (RCE). Furthermore, attackers can read arbitrary server files by manipulating the UI_LOGO_PATH variable and then requesting /get_image. Finally, they can potentially take over privileged accounts by overwriting the UI_USERNAME and UI_PASSWORD environment variables, gaining unauthorized access to sensitive data and system resources.

Exploitation Context

CVE-2026-35029 was publicly disclosed on 2026-04-06. As of this writing, there is no indication of active exploitation in the wild. No public proof-of-concept (PoC) code has been released. The vulnerability has not been added to the CISA KEV catalog. The CVSS score of 7.5 (HIGH) indicates a significant potential for exploitation if left unaddressed.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Reports: 1 threat report

EPSS

0.19% (41st percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

Affected Software

Component: litellm
Vendor: BerriAI
Affected range: < 1.83.0
Fixed in: 1.83.0

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated
  5. Patched: -6 days after disclosure (the fix preceded public disclosure)

Mitigation and Workarounds

The primary mitigation for CVE-2026-35029 is to immediately upgrade LiteLLM to version 1.83.0 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. Restrict access to the /config/update endpoint to only authorized administrators. Implement strict input validation and sanitization on all parameters passed to this endpoint. Consider using a Web Application Firewall (WAF) to block suspicious requests targeting this endpoint. Regularly review and audit environment variables to detect any unauthorized modifications.
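One way to apply the endpoint restriction described above while the upgrade is pending, as an added example that is not LiteLLM's own code: an ASGI wrapper placed in front of the proxy application that answers 403 on /config/update unless the request's Bearer key is on an administrator allow-list, and otherwise forwards the request unchanged. The admin key value, the stand-in inner app and the use of the Authorization header as the credential carrier are assumptions made for the demonstration.

```python
import asyncio
import hmac
import json

PROTECTED = {"/config/update"}                 # endpoint named in CVE-2026-35029
ADMIN_KEYS = {"sk-admin-constructed-example"}  # constructed; load from a secret store
def is_protected(path: str) -> bool:
    # Collapse empty segments so "/config/update/" or "//config/update" still match.
    return "/" + "/".join(p for p in path.split("/") if p) in PROTECTED

def bearer_token(headers) -> str:
    # ASGI headers are (name, value) byte pairs; return the Bearer credential or "".
    for name, value in headers:
        if name.lower() == b"authorization":
            parts = value.decode("latin-1").split(None, 1)
            if len(parts) == 2 and parts[0].lower() == "bearer":
                return parts[1].strip()
    return ""

def is_admin(token: str) -> bool:
    # Constant-time comparison against every allowed admin key.
    return any(hmac.compare_digest(token.encode(), k.encode()) for k in ADMIN_KEYS)

def admin_only_config_update(inner_app):
    """Wrap an ASGI app so that only admin keys reach the protected path."""
    async def app(scope, receive, send):
        if scope["type"] == "http" and is_protected(scope["path"]):
            if not is_admin(bearer_token(scope.get("headers", []))):
                body = json.dumps({"error": "admin role required"}).encode()
                await send({"type": "http.response.start", "status": 403,
                            "headers": [(b"content-type", b"application/json")]})
                await send({"type": "http.response.body", "body": body})
                return
        await inner_app(scope, receive, send)
    return app

async def fake_proxy(scope, receive, send):
    # Stand-in for the LiteLLM proxy app (assumption, not the real app).
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

def status_for(path: str, token: str = "") -> int:
    # Run one constructed request through the wrapper and return the HTTP status.
    headers = [(b"authorization", f"Bearer {token}".encode())] if token else []
    scope = {"type": "http", "method": "POST", "path": path, "headers": headers}
    sent = []
    async def send(msg):
        sent.append(msg)
    asyncio.run(admin_only_config_update(fake_proxy)(scope, None, send))
    return sent[0]["status"]
```

In a real deployment the wrapper goes around the proxy's ASGI app at the server entry point, and the allow-list should be the same set of admin credentials the proxy itself recognises.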

How to fix

Update to version 1.83.0 or higher to mitigate the vulnerability. This version corrects the lack of admin role authorization on the /config/update endpoint, preventing remote code execution and proxy configuration manipulation.


Frequently asked questions

What is CVE-2026-35029 — Privilege Escalation in LiteLLM?

CVE-2026-35029 is a HIGH severity vulnerability in LiteLLM versions 0.0.0 through 1.82.0 that allows authenticated users to escalate privileges and potentially gain unauthorized access to system resources.

Am I affected by CVE-2026-35029 in LiteLLM?

If you are using LiteLLM versions 0.0.0 through 1.82.0, you are potentially affected by this vulnerability. Upgrade to version 1.83.0 or later to mitigate the risk.

How do I fix CVE-2026-35029 in LiteLLM?

The recommended fix is to upgrade to LiteLLM version 1.83.0 or later. If upgrading is not immediately possible, implement temporary workarounds such as restricting access to the /config/update endpoint.

Is CVE-2026-35029 being actively exploited?

As of now, there is no evidence of active exploitation in the wild, but the vulnerability's severity warrants immediate attention and remediation.

Where can I find the official LiteLLM advisory for CVE-2026-35029?

Refer to the official LiteLLM project repository and security advisories for the latest information and updates regarding CVE-2026-35029.
