BREAKING
LiteLLM Flaw Chain Rated CVSS 9.9
0
CVSS score
0x
chained CVEs
0+
LLM providers
How the Escalation Works
1Auth bypass
2Role self-elevation
3Sandbox escape RCE
Gateway Is a Single Point of Failure
Not the First LiteLLM Incident
March 2026Supply chain
PyPI v1.82.7/8 backdoored
Credential stealer for 40 min
Docker images unaffected
NowCVSS 9.9
Privilege escalation to RCE
Fixed in v1.83.14-stable
Not yet exploited in wild
Upgrade and Rotate All Secrets
AI NEWS BLITZ
A critical flaw chain in LiteLLM lets a low-privilege account reach full server control.