CVE-2026-12772
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
A security flaw has been discovered in BerriAI litellm up to version 1.82.2, impacting the function authenticate_user in the file litellm/proxy/auth/login_utils.py of the PROXY_ADMIN database API Key Generator. Manipulating this function results in session expiration.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a risk to the integrity of user sessions. The public release of the exploit increases the likelihood of attacks.
Recommendation
It is recommended to update to the latest version of BerriAI litellm to mitigate this vulnerability. Additionally, monitor logs and user sessions for potential attack attempts.
Original NVD description (English source)
A security flaw has been discovered in BerriAI litellm up to 1.82.2. This impacts the function authenticate_user of the file litellm/proxy/auth/login_utils.py of the component PROXY_ADMIN database API Key Generator. Performing a manipulation results in session expiration. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure.

