CVE-2026-49468
Published: 2026-06-22
CVE-2026-49468: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, this vulnerability is fixed in 1.84.0.
Priority: P352 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.56% (42.3rd percentile)
Affected (9 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform-26 | lightspeed-chatbot-rhel9 | — | — |
| ansible-automation-platform-27 | lightspeed-chatbot-rhel9 | — | — |
| berriai | litellm | < 1.84.0 | 1.84.0 |
| exploit-intelligence-tech-preview | vulnerability-analysis-rhel9 | — | — |
| litellm | litellm | < 1.84.0 | 1.84.0 |
| litellm | litellm | >= 0 < 1.84.0 | 1.84.0 |
| rhoai | odh-llama-stack-core-rhel9 | — | — |
| rhoai | odh-mlflow-rhel9 | — | — |
| rhoai | odh-trustyai-garak-lls-provider-dsp-rhel9 | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 4.0 | 9.5 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 9.8 | CRITICAL | — |
GHSA · 2026-06-16
CVE-2026-49468 [CRITICAL] CWE-290 LiteLLM: Authentication Bypass via Host Header Injection
### Impact
A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes.
The auth layer derived the effective route from `request.url.path` in `litellm/proxy/auth/auth_utils.py::get_request_route()`, which Starlette reconstructs from the `Host` header. A crafted `Host` could therefore make the auth gate evaluate a different route from the one FastAPI dispatched.
**Most deployments are not affected.** The bypass is blocked by any upstream layer that validates or normalizes `Host`, such as:
- a CDN or WAF, such as Cloudflare
- a reverse proxy with `server_name` allowlists
- a host-based load balancer
**LiteLLM Cloud customers are not affected.**
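The advisory names an upstream layer that validates or normalizes `Host` as the control that blocks this bypass. The following is an added example and not LiteLLM's own code: a stdlib-only ASGI middleware that allowlists `Host` before the application sees the request, plus a helper that takes the route for the auth check from the dispatched ASGI path rather than from a URL string rebuilt from the `Host` header. The middleware class, the `gateway.example.internal` hostname and the `/management/example` path are constructed for illustration.

```python
import asyncio
import re

# Hostname = RFC 1123 labels plus optional ":port"; anything else (slashes,
# '?', '#', userinfo, whitespace) is rejected rather than re-parsed later.
_HOST_RE = re.compile(r"^(?P<host>[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
                      r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*)(?::(?P<port>[0-9]{1,5}))?$")

def normalize_host(raw):
    # Canonical lowercase hostname without port, or None if malformed.
    m = _HOST_RE.match((raw or "").strip().lower())
    if not m or (m.group("port") and not 0 < int(m.group("port")) < 65536):
        return None
    return m.group("host")

def host_allowed(raw, allowlist):
    # None (malformed) is never a member of the allowlist of hostnames.
    return normalize_host(raw) in allowlist

def route_for_auth(scope):
    # The auth gate should evaluate the ASGI path the app dispatched on,
    # never a URL string rebuilt from the Host header and re-parsed.
    return scope.get("root_path", "") + scope["path"]

class HostAllowlistMiddleware:
    # Hypothetical ASGI middleware: answers 400 when Host is not allowlisted.
    def __init__(self, app, allowlist):
        self.app, self.allowlist = app, set(allowlist)

    async def __call__(self, scope, receive, send):
        raw = dict(scope.get("headers", [])).get(b"host", b"").decode("latin-1")
        if scope["type"] == "http" and not host_allowed(raw, self.allowlist):
            await send({"type": "http.response.start", "status": 400,
                        "headers": [(b"content-type", b"text/plain")]})
            await send({"type": "http.response.body", "body": b"invalid host"})
            return
        await self.app(scope, receive, send)

async def _gateway_app(scope, receive, send):
    # Stand-in for the proxy; a real app would run auth on route_for_auth(scope).
    await send({"type": "http.response.start", "status": 200, "headers": []})
    await send({"type": "http.response.body", "body": b"ok"})

def run_request(host_header, path="/management/example"):
    # Drive one constructed request through the middleware; return the status.
    app = HostAllowlistMiddleware(_gateway_app, {"gateway.example.internal"})
    scope = {"type": "http", "method": "GET", "path": path,
             "headers": [(b"host", host_header.encode("latin-1"))]}
    sent = []
    async def send(msg): sent.append(msg)
    async def receive(): return {"type": "http.request"}
    asyncio.run(app(scope, receive, send))
    return sent[0]["status"]
```

A reverse proxy with a `server_name` allowlist and a catch-all default server gives the same effect in front of the gateway; the middleware is the in-process fallback for deployments without one.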
Red Hat · 2026-06-22 · CVSS 9.8
CVE-2026-49468 [CRITICAL] CWE-290 litellm: LiteLLM: Authentication Bypass via Host Header Injection
A flaw was found in LiteLLM, a proxy server (AI Gateway) used to call Large Language Model (LLM) APIs. A remote attacker could exploit a Host-header parsing vulnerability in the proxy authentication layer. By sending a crafted Host header, an attacker could gain unauthenticated access to protected management routes, potentially leading to full system compromise.
Statement: Critical: This Host-header parsing flaw in LiteLLM's proxy authentication layer allows unauthenticated remote access to protected management routes. Red Hat products leveraging LiteLLM, such as Red Hat OpenShift A
No detection rules found.
No public exploits indexed.
Hackernews · 2026-06-22 · CVSS 9.8
CVE-2026-24858 [CRITICAL] ⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More
It’s Monday again.
This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control.
The annoying part is how little of this feels new. Weak credentials, sketchy downloads, browser extensions with too much access, and WordPress sites are used to push more attacks. Nothing clever. Just sloppy, cheap, and effective.
Here’s the Monday recap. Let’s get into the week’s mess.
## ⚡ Threat of the We
Bugzilla · 2026-06-22 · CVSS 9.8
CVE-2026-49468 [CRITICAL] litellm: LiteLLM: Authentication Bypass via Host Header Injection
References:
- https://github.com/BerriAI/litellm/releases/tag/v1.84.0
- https://github.com/BerriAI/litellm/security/advisories/GHSA-4xpc-pv4p-pm3w
- https://access.redhat.com/security/cve/CVE-2026-49468
- https://bugzilla.redhat.com/show_bug.cgi?id=2491520
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-49468.json