CVE-2026-35030 describes a critical vulnerability in the LiteLLM proxy server, which serves as an AI gateway for calling LLM APIs in OpenAI format. This vulnerability allows unauthenticated attackers to exploit the OIDC userinfo cache when JWT authentication is enabled. Specifically, prior to version 1.83.0, the cache used the first 20 characters of a token as the cache key. As a result, JWT headers generated by the same signing algorithm would yield identical first 20 characters. Although this authentication feature is not enabled by default, if configured, it poses a significant risk.
With a CVSS score of 9.4, this vulnerability is classified as critical. Attackers can craft tokens that match those of legitimate users, leading to unauthorized access to their identity and permissions. Given that this vulnerability mainly affects deployments with JWT/OIDC authentication enabled, organizations utilizing LiteLLM should take immediate action to mitigate this risk.
The vulnerability was reported on April 6, 2026, and was addressed in version 1.83.0. Organizations running versions prior to this should prioritize patching immediately, as the exploitation potential is significant. The urgency for remediation cannot be overstated, given the potential for unauthorized access to sensitive resources.
As of now, there are no confirmed public exploits available for this vulnerability. However, the nature of the flaw presents a high risk, warranting thorough attention from security teams.
Vulnerability Details
The official description indicates that the vulnerability allows unauthenticated attackers to craft tokens that, on cache hits, grant them identities and permissions of legitimate users. The vulnerability falls under the CWE classification of CWE-287, which pertains to improper authentication.
The CVSS score of 9.4 indicates a critical severity level, highlighting the significant impact on confidentiality and integrity. The attack vector is network-based, requiring low complexity and no privileges or user interaction. The vulnerability affects all versions of LiteLLM prior to 1.83.0.
Technical Analysis
The root cause of this vulnerability lies in the method of token validation for user identity. By using the first 20 characters of a JWT as a cache key, it inadvertently allows attackers to produce tokens that collide with legitimate tokens. This collision leads to unauthorized identity inheritance, allowing attackers to execute actions as if they were the legitimate user.
The attack vector is purely network-based, as it can be executed without any physical access to the target system. The attack complexity is low, with no privileges required, and no user interaction necessary. The confidentiality and integrity impacts are rated as high, with no availability impact.
Risk & Impact Analysis
The risk to organizations includes the potential for unauthorized identity access, which could lead to significant data breaches and loss of sensitive information. The blast radius is substantial, especially for organizations that handle sensitive data or utilize LiteLLM in critical applications. Given the urgent nature of this vulnerability, organizations should prioritize remediation efforts.
Organizations should assess their exposure and implement the necessary patches without delay. The vulnerability affects deployments where JWT/OIDC authentication is enabled, making it imperative for organizations to verify their configurations and ensure they are not exposed to this risk.
Exploitation Status
Signal | Status |
|---|---|
Known Exploit | No |
Public PoC | No |
Actively Exploited | No |
Ransomware Use | No |
Affected Versions
The affected versions of LiteLLM include all versions prior to 1.83.0. Organizations using these versions should upgrade to the latest version to mitigate the risks associated with this vulnerability.
Mitigation & Remediation
Organizations should immediately upgrade LiteLLM to version 1.83.0 or later to resolve this vulnerability. If an immediate upgrade is not possible, organizations should consider disabling JWT authentication until a patch can be applied. It is essential to review the configurations and ensure that the OIDC userinfo cache is properly managed.
For further assistance in validating security posture and remediating vulnerabilities, organizations may consider engaging in penetration testing services.
Detection Guidance
To detect potential exploitation of this vulnerability, organizations should monitor for anomalous authentication attempts and log any unusual token usage patterns. Additionally, logging and analyzing user activity can help identify unauthorized access attempts.
AppSecure Threat Intelligence Insight
The long-term significance of this vulnerability underscores the importance of robust authentication practices within software development. Organizations must be vigilant in their security measures, particularly as vulnerabilities like CVE-2026-35030 highlight the potential risks of improper token management.
Security teams should regularly review their identity and access management strategies to ensure that they are resilient against such vulnerabilities. For organizations looking to strengthen their security posture, resources such as the penetration testing methodology guide can provide valuable insights.
Moreover, keeping abreast of emerging threats and vulnerabilities through continuous education and training is vital. For specific guidance on securing applications, organizations may refer to the vulnerability management program design article.
In summary, CVE-2026-35030 serves as a reminder of the critical nature of secure coding practices and the importance of timely remediation for vulnerabilities.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)