CVE-2026-35030CRITICAL 9.1EPSS p31.2%

CVE-2026-35030CVE-2026-35030

Description

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. An unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token. On cache hit, the attacker inherits the legitimate user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled. Fixed in v1.83.0.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS0.40% probability of exploitation · percentile 31.2% · 2026-06-18T12:00:27Z
Published2026-04-06
Last modified2026-04-07

Underlying weaknesses· 1

CWE-287

References

  1. https://github.com/BerriAI/litellm/security/advisories/GHSA-jjhc-v7c2-5hh6

1

TypeTargetConfidenceTier
WeaknessImproper Authenticationcwe-2870%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-35029
CVE
CVE-2026-42203
CVE
CVE-2026-47101
CVE
CVE-2026-47102
CVE
BerriAI LiteLLM Command Injection Vulnerability
CVE
CVE-2025-0628
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.