BREAKING
CVSS 9.9 Chain Hits LiteLLM
Three Flaws Chained to RCE
1internal_user
2proxy_admin
3RCE on server
0+
LLM providers
0+
GitHub stars
0
CVSS score
A Pattern of Incidents
Chain RCE9.9
SQLi9.3
PyPI attack0
What Attackers Can Reach
Secrets at Risk
LITELLM_MASTER_KEY
Provider API keys
DB credentials & logs
Downstream Impact
Tampered agent responses
Injected tool calls
Spread via MCP gateways
Upgrade to v1.83.14-stable
AI NEWS BLITZ
A critical flaw chain in LiteLLM lets low-privilege users seize admin and run code.