LiteLLM proxy vulnerable prev1.84.0 (BerriAI)
CVE-2026-49468 Published on June 22, 2026

LiteLLM: Authentication Bypass via Host Header Injection
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0.

NVD

Vulnerability Analysis

CVE-2026-49468 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Products Associated with CVE-2026-49468

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Exploit Intelligence

Red Hat Ansible Automation Platform

Red Hat Openshift Ai

Affected Versions

BerriAI litellm:

Version < 1.84.0 is affected.

Red Hat Exploit Intelligence: Red Hat Ansible Automation Platform 2: Red Hat OpenShift AI (RHOAI):

LiteLLM proxy vulnerable prev1.84.0 (BerriAI)CVE-2026-49468 Published on June 22, 2026

Vulnerability Analysis

Weakness Type

Authentication Bypass by Spoofing

Products Associated with CVE-2026-49468

Affected Versions

LiteLLM proxy vulnerable prev1.84.0 (BerriAI)
CVE-2026-49468 Published on June 22, 2026