LiteLLM < 1.83.10 Privilege Escalation via User Update
Title source: cna

Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-47102. PoCs published by learner202649.
AI-analyzed exploit summary

This repository contains a functional exploit for CVE-2026-47102, demonstrating privilege escalation in LiteLLM via the /user/update endpoint. The exploit chain involves creating an internal_user, granting a route-restricted key, and escalating to proxy_admin by modifying the user_role field.
Description
LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin, gaining full administrative access to LiteLLM, including all users, teams, keys, models, and prompt history. Users with the org_admin role have legitimate access to this endpoint and can exploit this vulnerability without chaining any additional flaw.
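The defect described above is an identity check without a field-level check on a self-update handler. The following is an added illustration, not LiteLLM's code: the weak pattern beside a hardened variant that allow-lists fields per caller role. The role names are those named on the page; the User model, the field sets, and the handler signatures are assumptions for the example.

```python
"""Illustrative self-update handlers (hypothetical, not LiteLLM's implementation)."""
from dataclasses import dataclass, field
from typing import Optional

# Role names as used on the page.
PROXY_ADMIN = "proxy_admin"
ORG_ADMIN = "org_admin"
INTERNAL_USER = "internal_user"

# Assumed field sets for the example: what a non-admin may change on their own
# record, and what only a proxy_admin may ever write.
SELF_EDITABLE_FIELDS = {"user_email", "metadata"}
PRIVILEGED_FIELDS = {"user_role", "max_budget"}


@dataclass
class User:
    user_id: str
    user_role: str
    user_email: str = ""
    metadata: dict = field(default_factory=dict)
    max_budget: Optional[float] = None


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested update."""


def _check_target(caller: User, target: User) -> None:
    # Identity check: non-admins may only touch their own record.
    if caller.user_role != PROXY_ADMIN and caller.user_id != target.user_id:
        raise Forbidden("may only update own account")


def vulnerable_update(caller: User, target: User, payload: dict) -> User:
    """Checks WHO is edited but not WHICH fields: user_role is written as submitted."""
    _check_target(caller, target)
    for key, value in payload.items():
        setattr(target, key, value)
    return target


def hardened_update(caller: User, target: User, payload: dict) -> User:
    """Checks identity and field authorization; privileged fields need proxy_admin."""
    _check_target(caller, target)
    allowed = set(SELF_EDITABLE_FIELDS)
    if caller.user_role == PROXY_ADMIN:
        allowed |= PRIVILEGED_FIELDS
    # Reject disallowed or unknown keys outright instead of silently dropping them:
    # a rejected request shows up in access logs, a dropped key does not.
    denied = set(payload) - allowed
    if denied:
        raise Forbidden(f"role {caller.user_role!r} may not set {sorted(denied)}")
    for key, value in payload.items():
        setattr(target, key, value)
    return target
```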
Exploits (1)
References (8)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H