CVE-2026-12771
Severity CVSS v4.0:
LOW
Type:
Unavailable / Other
Publication date:
21/06/2026
Last modified:
24/06/2026
Description
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
Impact
Base Score 4.0
1.30
Severity 4.0
LOW
Base Score 3.x
5.00
Severity 3.x
MEDIUM
Base Score 2.0
4.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:* | 1.82.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



