CVE-2026-49468

Severity: CRITICAL (lab available)

LiteLLM: Authentication Bypass via Host Header Injection

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-49468. PoCs published by BiiTts.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2026-49468, an authentication bypass vulnerability in LiteLLM proxy (<1.84.0) via Host-header route confusion. The exploit leverages a discrepancy between Starlette's URL reconstruction (using the client-controlled Host header) and FastAPI's ASGI path dispatch to bypass authentication and authorization checks.

Description

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, the proxy is affected by an authentication bypass via Host header injection. This vulnerability is fixed in 1.84.0.

Exploits (1)

GitHub · Working PoC
by BiiTts · python · poc
https://github.com/BiiTts/CVE-2026-49468-LiteLLM-Auth-Bypass


Classification
Working PoC 99%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: LiteLLM proxy versions <1.84.0 (verified on v1.83.14-stable)
No auth needed
Prerequisites: Network access to the LiteLLM proxy endpoint · Target running a vulnerable version (<1.84.0)
Analyzed by mistral-large-3 on Jul 03, 2026

Scores

CVSS v3 9.8
EPSS 0.0056
EPSS Percentile 42.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Lab Environment

Community Lab
docker pull ghcr.io/berriai/litellm:v1.83.14-stable
docker pull ghcr.io/berriai/litellm:v1.84.0

Details

CWE
CWE-290
Status published
Products (2)
BerriAI/litellm < 1.84.0
litellm/litellm < 1.84.0
Published Jun 22, 2026
Tracked Since Jun 23, 2026