BREAKING
LiteLLM Flaw Chain Rated CVSS 9.9
0
CVSS score
0
x
chained CVEs
0
+
LLM providers
How the Escalation Works
1
Auth bypass
↓
2
Role self-elevation
↓
3
Sandbox escape RCE
Gateway Is a Single Point of Failure
Not the First LiteLLM Incident
March 2026
Supply chain
●
PyPI v1.82.7/8 backdoored
●
Credential stealer for 40 min
●
Docker images unaffected
Now
CVSS 9.9
●
Privilege escalation to RCE
●
Fixed in v1.83.14-stable
●
Not yet exploited in wild
Upgrade and Rotate All Secrets
AI NEWS BLITZ
A critical flaw chain in LiteLLM lets a low-privilege account reach full server control.