CVE-2026-47101

HIGH LAB

LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-47101. PoCs published by learner202649.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-47101, demonstrating a privilege escalation vulnerability in LiteLLM where an internal_user can escalate to proxy_admin via missing authorization checks in /key/generate and /user/update endpoints.

Description

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.

Exploits (1)

github WORKING POC

by learner202649 · shellpoc

https://github.com/learner202649/CVE-2026-47101-PoC

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2026-47101, demonstrating a privilege escalation vulnerability in LiteLLM where an internal_user can escalate to proxy_admin via missing authorization checks in /key/generate and /user/update endpoints.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: LiteLLM <1.83.14

Auth required

Prerequisites: access to an internal_user API key or master key · target LiteLLM instance running a vulnerable version

MITRE ATT&CK