Platform: python
Component: litellm
Fixed in: 1.83.1, 1.83.0
CVE-2026-35030 describes an authentication bypass vulnerability in litellm, a Python library for LLM orchestration. An attacker can exploit this flaw to impersonate legitimate users and gain unauthorized access. This vulnerability affects litellm versions up to and including 1.9.dev0, but the affected JWT authentication feature is not enabled by default. A patch is available in version 1.83.0.
The vulnerability stems from how litellm's OIDC userinfo cache handles JWT authentication. When `enable_jwt_auth` is set to true, the cache key is derived from the first 20 characters of the JWT token. Because every JWT signed with the same algorithm begins with the same base64url-encoded header, attackers can craft tokens whose prefix matches a legitimate user's cached token. A successful cache hit lets the attacker inherit that user's identity and associated permissions, effectively bypassing authentication. This poses a significant risk to deployments that rely on JWT/OIDC authentication for access control.
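To make the flaw concrete, here is an added example (not litellm's own code) that contrasts a userinfo cache keyed on the first 20 characters of the token with one keyed on a digest of the whole token. The signing key, the tokens and the `UserInfoCache` class are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed signing key for the demo; not a real secret.
_SECRET = b"demo-signing-key"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_jwt(claims: dict, alg: str = "HS256") -> str:
    """Build a minimal HS256 JWT (demo helper). Every token produced with the
    same algorithm starts with the same encoded header, so prefixes match."""
    compact = {"separators": (",", ":")}
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}, **compact).encode())
    payload = _b64url(json.dumps(claims, **compact).encode())
    sig = hmac.new(_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def weak_cache_key(token: str) -> str:
    """The flawed scheme the advisory describes: a 20-character prefix."""
    return token[:20]


def safe_cache_key(token: str) -> str:
    """Hardened scheme: digest of the whole token, so only a byte-identical
    token maps to the same cache entry."""
    return hashlib.sha256(token.encode()).hexdigest()


class UserInfoCache:
    """Minimal stand-in for an OIDC userinfo cache keyed by a token-derived key."""
    def __init__(self, key_fn):
        self._key_fn, self._store = key_fn, {}

    def put(self, token: str, userinfo: dict) -> None:
        self._store[self._key_fn(token)] = userinfo

    def get(self, token: str):
        return self._store.get(self._key_fn(token))


def demo():
    """Cache alice's userinfo, then look up a different user's token."""
    alice, bob = make_jwt({"sub": "alice", "role": "admin"}), make_jwt({"sub": "bob"})
    weak, safe = UserInfoCache(weak_cache_key), UserInfoCache(safe_cache_key)
    weak.put(alice, {"sub": "alice", "role": "admin"})
    safe.put(alice, {"sub": "alice", "role": "admin"})
    return weak.get(bob), safe.get(bob)  # weak: alice's identity; safe: None
```

With the prefix key, bob's token (and any other token carrying the same header) resolves to alice's cached identity; with the full-token digest it misses, as intended.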
This vulnerability was publicly disclosed on 2026-04-03. There is currently no indication of active exploitation in the wild, and no public proof-of-concept (PoC) code has been released. The vulnerability is not listed on the CISA KEV catalog as of this writing. Given the complexity of crafting a malicious JWT and the requirement for JWT authentication to be enabled, the probability of exploitation is considered medium.
Exploit Status
EPSS: 0.08% (25th percentile)
The primary mitigation is to upgrade to version 1.83.0 or later, which corrects the flawed cache key generation. If upgrading is not immediately feasible, disabling JWT authentication (`enable_jwt_auth: false`) is a viable workaround, provided it does not disrupt essential functionality. Carefully review your litellm configuration to ensure JWT authentication is enabled only where it is actually needed. Monitor logs for unusual authentication patterns or unexpected user activity. After upgrading, verify the fix by attempting to authenticate with a crafted JWT token designed to exploit the vulnerability; authentication should fail.
Update LiteLLM to version 1.83.0 or higher to mitigate the authentication bypass vulnerability. This update corrects how OIDC cache keys are handled, preventing attackers from exploiting token collisions to access privileged resources.
CVE-2026-35030 is a critical vulnerability in litellm versions ≤1.9.dev0 that allows attackers to bypass JWT authentication by crafting tokens that match cached user identities, potentially gaining unauthorized access.
You are affected if you are using litellm version 1.9.dev0 or earlier and have JWT/OIDC authentication enabled. Most instances are not affected as JWT authentication is not enabled by default.
Upgrade to version 1.83.0 or later. Alternatively, disable JWT authentication if it's not essential for your application.
There is currently no evidence of active exploitation in the wild, and no public proof-of-concept code has been released.
Refer to the litellm GitHub repository for updates and advisories: [https://github.com/litellm/litellm](https://github.com/litellm/litellm)