Platform: python
Component: litellm
Fixed in: 1.83.0
CVE-2026-35029 describes a Privilege Escalation vulnerability within LiteLLM, a Python library. This flaw allows authenticated users to bypass authorization checks on the /config/update endpoint, granting them unauthorized access to modify critical system settings. Affected versions include those from 0.0.0 up to, but not including, version 1.83.0. A patch has been released in version 1.83.0.
The /config/update endpoint in LiteLLM does not enforce an admin role check, which creates a significant security risk. An attacker who already holds a valid, non-admin credential for the proxy can use the endpoint to modify the proxy configuration and environment variables, effectively controlling the application's behavior. More critically, they can register custom pass-through endpoint handlers, which lets arbitrary Python code run on the server (remote code execution, RCE). They can also read arbitrary server files by pointing the UI_LOGO_PATH variable at a file and retrieving it through /get_image. Finally, they can potentially take over privileged accounts by overwriting the UI_USERNAME and UI_PASSWORD environment variables, gaining unauthorized access to sensitive data and system resources.
CVE-2026-35029 was publicly disclosed on 2026-04-06. As of this writing, there is no indication of active exploitation in the wild. No public proof-of-concept (PoC) code has been released. The vulnerability has not been added to the CISA KEV catalog. The CVSS score of 7.5 (HIGH) indicates a significant potential for exploitation if left unaddressed.
Organizations deploying LiteLLM in production environments, particularly those with multiple users or roles, are at risk. Shared hosting environments where users have limited control over server configurations are also particularly vulnerable. Legacy deployments using older versions of LiteLLM are at the highest risk.
• python / server:
```python
import os

def check_env_vars():
    """Warn about the UI credential variables that CVE-2026-35029 lets an attacker overwrite."""
    sensitive_vars = ['UI_USERNAME', 'UI_PASSWORD']
    found = []
    for var in sensitive_vars:
        if var in os.environ:
            print(f"Warning: Sensitive environment variable '{var}' is set.")
            found.append(var)
    return found

check_env_vars()
```
• python / server: Check for unauthorized modifications to proxy configurations or custom endpoint handlers in LiteLLM's configuration files.
• python / server: Monitor system logs for unusual activity related to the /config/update endpoint, such as unexpected requests or modifications to environment variables.
• python / server: Review LiteLLM's environment variables for unexpected or unauthorized values using os.environ.
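One way to implement the log-based monitoring item above, as an added example that is not part of this advisory or of the LiteLLM project: a small Python scanner over access-log lines that reports every request to /config/update, flags those coming from hosts that are not expected to administer the proxy, and counts flagged requests per source. The uvicorn-style log format, the sample lines and the ADMIN_HOSTS allow-list are constructed assumptions; adapt the regex to whatever access log your deployment actually produces.

```python
import re
from collections import Counter

# Constructed sample lines in uvicorn's default access-log format (assumption:
# the proxy is served by uvicorn and its access log is being collected).
SAMPLE_LOG = """\
INFO:     10.0.0.5:51234 - "POST /chat/completions HTTP/1.1" 200 OK
INFO:     10.0.0.5:51235 - "POST /config/update HTTP/1.1" 200 OK
INFO:     10.0.0.9:40001 - "GET /health HTTP/1.1" 200 OK
INFO:     10.0.0.5:51236 - "POST /config/update HTTP/1.1" 200 OK
INFO:     192.168.1.20:6000 - "POST /config/update HTTP/1.1" 401 Unauthorized
INFO:     10.0.0.9:40002 - "GET /get_image HTTP/1.1" 200 OK
"""

# Hosts from which configuration changes are expected (constructed allow-list).
# Any other host touching /config/update is worth an alert.
ADMIN_HOSTS = {"192.168.1.20"}

LINE_RE = re.compile(
    r'(?P<host>[\d.]+):(?P<port>\d+) - "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_access_line(line):
    """Return host/method/path/status for one access-log line, or None if it does not parse."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def find_config_update_requests(log_text, admin_hosts=ADMIN_HOSTS):
    """Return every /config/update request, marking those from non-admin hosts as suspicious."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_access_line(line)
        if rec is None or rec["path"].split("?")[0] != "/config/update":
            continue
        rec["suspicious"] = rec["host"] not in admin_hosts
        # A 2xx from an unexpected host means the change was accepted, not merely attempted.
        rec["accepted"] = 200 <= rec["status"] < 300
        hits.append(rec)
    return hits

def summarize(hits):
    """Count suspicious /config/update requests per source host."""
    return Counter(h["host"] for h in hits if h["suspicious"])

if __name__ == "__main__":
    hits = find_config_update_requests(SAMPLE_LOG)
    for h in hits:
        flag = "ALERT" if h["suspicious"] else "ok"
        print(f"{flag:5} {h['host']:15} {h['method']} {h['path']} -> {h['status']}")
    print("suspicious requests by host:", dict(summarize(hits)))
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the interesting signal for this CVE is an accepted (2xx) request to /config/update from a host or credential that should never hold the admin role.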
EPSS: 0.19% (41st percentile)
The primary mitigation for CVE-2026-35029 is to immediately upgrade LiteLLM to version 1.83.0 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing temporary workarounds. Restrict access to the /config/update endpoint to only authorized administrators. Implement strict input validation and sanitization on all parameters passed to this endpoint. Consider using a Web Application Firewall (WAF) to block suspicious requests targeting this endpoint. Regularly review and audit environment variables to detect any unauthorized modifications.
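One form the "restrict access to /config/update" workaround can take while an upgrade is pending, as an added example rather than code from this advisory or from LiteLLM itself: a framework-independent ASGI middleware placed in front of the proxy application that refuses requests to /config/update unless they carry a separate admin secret in an X-Admin-Token header, compared in constant time, and fails closed when no secret is configured. The header name, the LITELLM_CONFIG_ADMIN_TOKEN environment variable and the premise that you run the proxy under your own ASGI entry point are assumptions; the fake inner app and the simulate helper exist only so the block runs stand-alone.

```python
import asyncio
import hmac

PROTECTED_PATHS = {"/config/update"}  # endpoints gated by the extra admin secret
HEADER_NAME = b"x-admin-token"         # assumed header carrying that secret

class AdminOnlyConfigMiddleware:
    """ASGI wrapper: block PROTECTED_PATHS unless the supplied admin secret matches."""

    def __init__(self, app, secret):
        self.app = app
        # The caller reads the secret from the environment; it is never hard-coded.
        self.secret = secret.encode() if secret else b""

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http" and scope["path"] in PROTECTED_PATHS:
            headers = dict(scope.get("headers", []))
            supplied = headers.get(HEADER_NAME, b"")
            # An empty configured secret is a misconfiguration: fail closed, never open.
            if not self.secret or not hmac.compare_digest(supplied, self.secret):
                await self._reject(send)
                return
        await self.app(scope, receive, send)

    @staticmethod
    async def _reject(send):
        body = b'{"error":"admin token required for this endpoint"}'
        await send({"type": "http.response.start", "status": 403,
                    "headers": [(b"content-type", b"application/json"),
                                (b"content-length", str(len(body)).encode())]})
        await send({"type": "http.response.body", "body": body})

# --- stand-alone demonstration with a fake inner app (constructed, not LiteLLM) ---

async def fake_proxy_app(scope, receive, send):
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

def simulate(path, headers=None, secret="s3cret-from-env"):
    """Drive the middleware with one request and return the HTTP status it produced."""
    app = AdminOnlyConfigMiddleware(fake_proxy_app, secret)
    scope = {"type": "http", "method": "POST", "path": path,
             "headers": [(k.lower().encode(), v.encode()) for k, v in (headers or {}).items()]}
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    asyncio.run(app(scope, receive, send))
    return sent[0]["status"]

if __name__ == "__main__":
    # Real deployment (assumption): wrap the proxy's ASGI app with
    #   AdminOnlyConfigMiddleware(proxy_app, os.environ.get("LITELLM_CONFIG_ADMIN_TOKEN"))
    print(simulate("/chat/completions"))                                     # 200
    print(simulate("/config/update"))                                        # 403
    print(simulate("/config/update", {"X-Admin-Token": "s3cret-from-env"}))  # 200
    print(simulate("/config/update", {"X-Admin-Token": "wrong"}))            # 403
```

This only narrows who can reach the endpoint; it does not restore the missing role check inside LiteLLM, so it is a stopgap until version 1.83.0 or later is deployed, and the extra secret must be issued only to administrators.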
Upgrade to version 1.83.0 or later to mitigate the vulnerability. This version fixes the missing administrator role authorization on the /config/update endpoint, preventing remote code execution and manipulation of the proxy configuration.
CVE-2026-35029 is a HIGH severity vulnerability in LiteLLM versions 0.0.0 through 1.82.0 that allows authenticated users to escalate privileges and potentially gain unauthorized access to system resources.
If you are using LiteLLM versions 0.0.0 through 1.82.0, you are potentially affected by this vulnerability. Upgrade to version 1.83.0 or later to mitigate the risk.
The recommended fix is to upgrade to LiteLLM version 1.83.0 or later. If upgrading is not immediately possible, implement temporary workarounds such as restricting access to the /config/update endpoint.
As of now, there is no evidence of active exploitation in the wild, but the vulnerability's severity warrants immediate attention and remediation.
Refer to the official LiteLLM project repository and security advisories for the latest information and updates regarding CVE-2026-35029.