A CVSS 9.9 (Critical) vulnerability chain has been found in the Proxy Server of the popular open-source AI gateway LiteLLM. Starting from a single low-privilege user, an attacker can seize admin rights and go on to remote code execution, theft of API keys, and reading or tampering with prompts. Reported on June 15, 2026 based on research by Obsidian Security, the issues are fixed in v1.83.14-stable and later.
Continue reading
The rest of this article is for AI News Blitz readers. Choose an option below to keep reading.
Already purchased? Sign in✓ Signed in — this article isn’t included in your current plan.