TL;DR
what: Three chained vulnerabilities in the LiteLLM AI gateway allow default low-privilege users to bypass authorization, escalate to admin, and execute arbitrary code on the server.
impact: Full compromise exposes every provider API key (OpenAI, Anthropic, Azure, etc.), database credentials, decryption secrets, and all prompts and responses passing through the gateway.
fix: Upgrade immediately to LiteLLM v1.83.14-stable or later, which includes complete fixes for CVE-2026-47101, CVE-2026-47102, and CVE-2026-40217.
who: Any organization running the LiteLLM proxy to broker AI model access, especially those with internal users or agents routing through the gateway.








