CVE-2026-12774
Published 2026-06-21
Priority P3 · 44 · medium 6.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS 0.26% (17.5th percentile)
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform-26 | lightspeed-chatbot-rhel9 | — | — |
| ansible-automation-platform-27 | lightspeed-chatbot-rhel9 | — | — |
| berriai | litellm | — | — |
| berriai | litellm | — | — |
| berriai | litellm | — | — |
| exploit-intelligence-tech-preview | vulnerability-analysis-rhel9 | — | — |
| litellm | litellm | <= 1.82.2 | — |
| rhoai | odh-llama-stack-core-rhel9 | — | — |
| rhoai | odh-mlflow-rhel9 | — | — |
| rhoai | odh-trustyai-garak-lls-provider-dsp-rhel9 | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 6.3 | MEDIUM | — |
GHSA
ghsa_unreviewed · 2026-06-21 · CVE-2026-12774 [LOW] · CWE-918
A security vulnerability has been detected in BerriAI litellm up to 1.82.2.
VulDB
vuldb · 2026-06-20 · CVE-2026-12774 [CRITICAL]
BerriAI litellm up to 1.82.2 MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery
A vulnerability has been found in BerriAI litellm up to 1.82.2 and classified as critical. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2026-12774. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure.
Red Hat
vendor_redhat · 2026-06-21 · CVSS 6.3 · CVE-2026-12774 [MEDIUM] · CWE-918
litellm: BerriAI litellm: Server-Side Request Forgery in MCP Server Connection Testing
A flaw was found in BerriAI litellm. A remote attacker could exploit a Server-Side Request Forgery (SSRF) vulnerability in the MCP Server Connection Testing component. This flaw, specifically within the _execute_with_mcp_client funct
No detection rules found.
No public exploits indexed.