CVE-2026-12795

HIGH

BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication

Title source: cna

Description

A vulnerability was found in BerriAI litellm up to 1.82.2. It affects the function json.dumps in the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Manipulation can lead to missing authentication. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure.

References (5)

Core References
VDB Entry, Technical Description
VDB-372557 | BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication
https://vuldb.com/vuln/372557

Signature, Permissions Required
VDB-372557 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/372557/cti

Third Party Advisory
CVE-2026-12795 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-12795

Third Party Advisory
Submit #811286 | litellm <= 1.82.2 Missing Authentication for Critical Function (CWE-306)
https://vuldb.com/submit/811286

Scores

CVSS v3: 7.3
EPSS: 0.0051
EPSS Percentile: 39.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-287, CWE-306
Status: published
Products (4)
BerriAI/litellm 1.82.0
BerriAI/litellm 1.82.1
BerriAI/litellm 1.82.2
litellm/litellm < 1.82.2
Published: Jun 21, 2026
Tracked Since: Jun 21, 2026