Platform
python
Component
litellm
Fixed in
1.83.0
CVE-2026-35029 describes a Privilege Escalation vulnerability within LiteLLM, a Python library. This flaw allows authenticated users to bypass authorization checks on the /config/update endpoint, granting them unauthorized access to modify critical system settings. Affected versions include those from 0.0.0 up to, but not including, version 1.83.0. A patch has been released in version 1.83.0.
The /config/update endpoint in LiteLLM does not check for the admin role, so any caller holding a valid, non-admin key can reach it. An authenticated attacker can use it to modify the proxy configuration and environment variables, effectively controlling the application's behaviour. Most seriously, they can register custom pass-through endpoint handlers, which lets them execute arbitrary Python code on the server (remote code execution). They can also read arbitrary server files by pointing the UI_LOGO_PATH variable at a file of their choosing and then fetching it through /get_image. Finally, they can take over the privileged UI account by overwriting the UI_USERNAME and UI_PASSWORD environment variables, giving them admin access to the proxy and to whatever data and credentials it holds.
CVE-2026-35029 was publicly disclosed on 2026-04-06. As of this writing, there is no indication of active exploitation in the wild. No public proof-of-concept (PoC) code has been released. The vulnerability has not been added to the CISA KEV catalog. The CVSS score of 7.5 (HIGH) indicates a significant potential for exploitation if left unaddressed.
Exploit Status
EPSS
0.19% (41st percentile)
CISA SSVC
The primary mitigation for CVE-2026-35029 is to upgrade LiteLLM to version 1.83.0 or later as soon as possible. If upgrading is not immediately feasible because of compatibility issues or breaking changes, reduce exposure until you can. The flaw is a missing admin-role check, so the workaround is to enforce that check in front of the proxy: restrict /config/update at the reverse proxy or WAF to administrator source addresses, or block it outright if you do not manage the configuration over the API. Input validation on the endpoint's parameters does not close the gap, because the endpoint is doing exactly what it was designed to do, just for the wrong principal. Until the upgrade is done, review the proxy configuration, the registered pass-through endpoints and the environment variables (in particular UI_USERNAME, UI_PASSWORD and UI_LOGO_PATH) for unexpected changes, watch for calls to /config/update from sources that are not administrators, and rotate the UI admin credentials if you find any sign of tampering.
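Two of those checks can be automated. The script below is an added example written for this page, not code from the LiteLLM project or the advisory: it decides whether an installed litellm version falls in the advisory's affected range, and it scans access logs for /config/update calls from outside the administrator networks, plus any later /get_image fetch by the same client, which is the file-read chain described above. It assumes the proxy is fronted by a reverse proxy writing nginx "combined" access logs and that administrators only reach it from the CIDRs in ADMIN_CIDRS; the log lines, the address ranges and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Added example, not LiteLLM project code. Assumptions: nginx "combined"
# access logs in front of the proxy, and admins confined to ADMIN_CIDRS.

FIXED_VERSION = (1, 83, 0)  # first release carrying the fix per the advisory

# One nginx combined-format line: ip - user [time] "METHOD path HTTP/x" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_version(version: str) -> tuple:
    """'1.82.0' -> (1, 82, 0). Stops at the first non-numeric component and pads
    to three fields, so '1.83' compares as 1.83.0 and a pre-release such as
    '1.83.0rc1' is treated as its base version (good enough for a range check)."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
        if m.end() != len(piece):  # digits followed by a suffix: keep digits, stop
            break
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(version: str) -> bool:
    """True for every litellm release below 1.83.0, the range in the advisory."""
    return parse_version(version) < FIXED_VERSION


def flag_config_update_abuse(log_lines, admin_cidrs):
    """Return findings for /config/update calls from outside admin networks and
    for /get_image fetches by a client that previously made such a call.
    On a vulnerable build a 200 on the first kind means a non-admin succeeded;
    on a build with a WAF rule in place it should be a 403, so every hit is
    reported with its status for correlation against API-key ownership."""
    nets = [ipaddress.ip_network(c) for c in admin_cidrs]
    suspects = set()
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = m.group("path").split("?", 1)[0]
        ip = ipaddress.ip_address(m.group("ip"))
        from_admin = any(ip in n for n in nets)
        if path == "/config/update" and not from_admin:
            suspects.add(ip)
            findings.append({"ip": str(ip), "path": path,
                             "status": int(m.group("status")),
                             "reason": "config change from non-admin network"})
        elif path == "/get_image" and ip in suspects:
            findings.append({"ip": str(ip), "path": path,
                             "status": int(m.group("status")),
                             "reason": "image fetch after suspicious config change"})
    return findings


# Constructed sample data (not real traffic): a non-admin client at 10.0.5.12
# changes the config and then pulls /get_image; an admin at 192.168.1.20 does a
# legitimate config update in between.
ADMIN_CIDRS = ["192.168.1.0/24"]
SAMPLE_LOG = [
    '10.0.5.12 - - [06/Apr/2026:10:01:02 +0000] "POST /chat/completions HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '10.0.5.12 - - [06/Apr/2026:10:01:09 +0000] "POST /config/update HTTP/1.1" 200 17 "-" "python-requests/2.31"',
    '192.168.1.20 - - [06/Apr/2026:10:02:00 +0000] "POST /config/update HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    '10.0.5.12 - - [06/Apr/2026:10:03:30 +0000] "GET /get_image HTTP/1.1" 200 4096 "-" "python-requests/2.31"',
]

if __name__ == "__main__":
    for v in ("1.82.0", "1.83.0"):
        print(f"litellm {v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    for finding in flag_config_update_abuse(SAMPLE_LOG, ADMIN_CIDRS):
        print(finding)
```

Point the script at the real installed version (for example the output of `pip show litellm`) and at the reverse proxy's access log; a 200 on a flagged /config/update line from a pre-1.83.0 build is the signal to treat the proxy configuration, environment and UI credentials as compromised rather than merely exposed.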
Update to version 1.83.0 or higher to mitigate the vulnerability. This version corrects the lack of admin role authorization on the /config/update endpoint, preventing remote code execution and proxy configuration manipulation.
CVE-2026-35029 is a HIGH severity vulnerability in LiteLLM versions 0.0.0 through 1.82.0 that allows authenticated users to escalate privileges and potentially gain unauthorized access to system resources.
If you are using LiteLLM versions 0.0.0 through 1.82.0, you are potentially affected by this vulnerability. Upgrade to version 1.83.0 or later to mitigate the risk.
The recommended fix is to upgrade to LiteLLM version 1.83.0 or later. If upgrading is not immediately possible, implement temporary workarounds such as restricting access to the /config/update endpoint.
As of now, there is no evidence of active exploitation in the wild, but the vulnerability's severity warrants immediate attention and remediation.
Refer to the official LiteLLM project repository and security advisories for the latest information and updates regarding CVE-2026-35029.