BerriAI litellm <=1.82.5 Completions Interface Auth Bypass via async_pre_call_hook
CVE-2026-12797 Published on June 21, 2026
BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization
A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the argument prompt results in incorrect authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2026-12797 has been classified to as an AuthZ vulnerability or weakness.
What is an AuthZ Vulnerability?
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-12797 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-12797
Want to know whenever a new CVE is published for Litellm? stack.watch will email you.
Affected Versions
BerriAI litellm:- Version 1.82.0 is affected.
- Version 1.82.1 is affected.
- Version 1.82.2 is affected.
- Version 1.82.3 is affected.
- Version 1.82.4 is affected.
- Version 1.82.5 is affected.