LiteLLM <1.83.0 OIDC Userinfo Cache - Authentication Bypass
Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-35030. PoCs published by learner202649.
AI-analyzed exploit summary
This repository contains a functional exploit PoC for CVE-2026-35030, demonstrating an authentication bypass in LiteLLM via OIDC userinfo cache key collision. The exploit leverages the fact that the cache key uses only the first 20 characters of a JWT, which are identical for tokens using the same signing algorithm, allowing an attacker to inherit another user's cached identity.
Description
LiteLLM is a proxy server (AI Gateway) for calling LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. Because a JWT begins with its base64url-encoded header, tokens produced with the same signing algorithm share identical first 20 characters. This configuration option is not enabled by default, so most instances are not affected. An unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token; on a cache hit, the attacker inherits that user's identity and permissions without the token ever being validated. This affects deployments with JWT/OIDC authentication enabled. Fixed in v1.83.0.
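The following is an added illustration of the weak cache-key pattern described above next to a hardened alternative; it is not LiteLLM's code, and the HS256 token builder, the in-memory cache class and the claims and keys are all constructed for the demonstration. Keying on a digest of the whole token is one possible hardening and is not claimed to be the exact fix shipped in v1.83.0.

```python
import hashlib
import hmac
import json
from base64 import urlsafe_b64encode


def _b64url(data: bytes) -> str:
    return urlsafe_b64encode(data).rstrip(b"=").decode()


def make_hs256_jwt(claims: dict, key: bytes) -> str:
    """Build a signed HS256 JWT (constructed test data, not a real issuer token)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def weak_cache_key(token: str) -> str:
    # Vulnerable pattern: a truncated prefix. Every token whose header encodes
    # the same alg/typ shares these 20 characters, so unrelated tokens collide.
    return token[:20]


def safe_cache_key(token: str) -> str:
    # Hardened pattern (assumption, not necessarily the upstream fix): digest the
    # full token so only a byte-identical token can hit the same cache entry.
    return hashlib.sha256(token.encode()).hexdigest()


class UserinfoCache:
    """Minimal stand-in for a userinfo cache keyed by a function of the token."""

    def __init__(self, key_fn):
        self._key_fn = key_fn
        self._store = {}

    def store(self, token: str, userinfo: dict) -> None:
        self._store[self._key_fn(token)] = userinfo

    def lookup(self, token: str):
        return self._store.get(self._key_fn(token))


def identity_seen_by_second_token(key_fn):
    """Cache user A's validated identity, then look up a different token signed with an unrelated key."""
    cache = UserinfoCache(key_fn)
    token_a = make_hs256_jwt({"sub": "alice", "iat": 1700000000}, b"issuer-secret")
    cache.store(token_a, {"sub": "alice", "role": "admin"})
    token_b = make_hs256_jwt({"sub": "bob", "iat": 1700000001}, b"unrelated-key")
    return cache.lookup(token_b)  # weak key -> alice's identity; safe key -> None
```

A cache miss on the hardened key forces the second token through normal signature validation, which is where an unsigned or wrongly signed token is rejected.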
Exploits (1)
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N