CVE Catalog

CVE-2026-12771

MediumCVSS 5.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

A vulnerability was identified in BerriAI litellm up to version 1.82.2, affecting an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the M2M JWT Handler component. This manipulation leads to improper authorization.

Risk Assessment

The attack can be launched remotely, and a high complexity level is associated with it. A publicly available exploit may be used.

Recommendation

It is recommended to update to the latest version of BerriAI litellm to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS