CVE-2026-12774

Severity CVSS v4.0:
LOW
Type:
CWE-918 Server-Side Request Forgery (SSRF)
Publication date:
21/06/2026
Last modified:
24/06/2026

Description

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:* 1.82.2 (including)