LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0.
Metrics
Affected Vendors & Products
References
History
Wed, 24 Jun 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Tue, 23 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 23 Jun 2026 00:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Berriai
Berriai litellm |
|
| Vendors & Products |
Berriai
Berriai litellm |
Mon, 22 Jun 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0. | |
| Title | LiteLLM: Authentication Bypass via Host Header Injection | |
| Weaknesses | CWE-290 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-06-22T20:37:14.494Z
Updated: 2026-06-30T12:09:55.893Z
Reserved: 2026-05-30T04:17:43.094Z
Link: CVE-2026-49468
Updated: 2026-06-30T03:16:51.751Z
No data.