BerriAI litellm <=1.82.2 SSO Debug Flow JSON.dumps Auth Bypass
CVE-2026-12795 Published on June 21, 2026
BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication
A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
What is an authentification Vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2026-12795 has been classified to as an authentification vulnerability or weakness.
Products Associated with CVE-2026-12795
Want to know whenever a new CVE is published for Litellm? stack.watch will email you.
Affected Versions
BerriAI litellm:- Version 1.82.0 is affected.
- Version 1.82.1 is affected.
- Version 1.82.2 is affected.