CVE-2026-12799

MEDIUM

BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

Title source: cna
STIX 2.1

Description

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.

References (5)

Core 5
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-372561 | BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization
https://vuldb.com/vuln/372561
Signature, Permissions Required signature permissions-required
VDB-372561 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/372561/cti
Third Party Advisory third-party-advisory
CVE-2026-12799 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-12799
Third Party Advisory third-party-advisory
Submit #811291 | litellm <= 1.82.2 Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
https://vuldb.com/submit/811291

Scores

CVSS v3 4.3
EPSS 0.0029
EPSS Percentile 20.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-266 CWE-285
Status published
Products (4)
BerriAI/litellm 1.82.0
BerriAI/litellm 1.82.1
BerriAI/litellm 1.82.2
litellm/litellm < 1.82.2
Published Jun 21, 2026
Tracked Since Jun 21, 2026