CVE Catalog

CVE-2026-12797

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

A security flaw has been discovered in BerriAI litellm up to version 1.82.5 in the async_pre_call_hook function of the enterprise/enterprise_hooks/banned_keywords.py file. Manipulation of the prompt argument results in incorrect authorization, which can be exploited in remote attacks.

Risk Assessment

This vulnerability poses a risk of unauthorized access to the system, potentially leading to serious data security breaches within the organization.

Recommendation

It is recommended to update BerriAI litellm to the latest version to mitigate this vulnerability and to monitor the system for unauthorized access attempts.

Original NVD description (English source)

A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS