CVE-2026-12770

Severity CVSS v4.0:
LOW
Type:
Unavailable / Other
Publication date:
21/06/2026
Last modified:
24/06/2026

Description

A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:* 1.63.2 (excluding)