CVE-2026-12774

MEDIUM

BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery

Title source: cna

Description

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-372516 | BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery

https://vuldb.com/vuln/372516

Signature, Permissions Required signature permissions-required

VDB-372516 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/vuln/372516/cti

Third Party Advisory third-party-advisory

CVE-2026-12774 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-12774

Third Party Advisory third-party-advisory

Submit #811285 | litellm <= 1.82.2 Server-Side Request Forgery (SSRF) (CWE-918)

https://vuldb.com/submit/811285

Exploit exploit

https://gist.github.com/YLChen-007/256c8ff0750e298f89b6b287c90c2981

Scores

CVSS v3 6.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Details

CWE

CWE-918

Status published

Products (3)

BerriAI/litellm 1.82.0

BerriAI/litellm 1.82.1

BerriAI/litellm 1.82.2

Published Jun 21, 2026

Tracked Since Jun 21, 2026