CVE-2026-12773
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk45th percentile — higher than 45% of all known CVEs
Summary
A weakness has been identified in BerriAI litellm up to version 1.59.8 in the UserAPIKeyAuth function of the MCP Proxy component. Manipulation can lead to improper authentication, and the attack can be launched remotely.
Risk Assessment
The organization is at risk of unauthorized system access by a remote attacker who can use a publicly available exploit to bypass authentication mechanisms.
Recommendation
Immediately update BerriAI litellm to a version newer than 1.59.8 and apply available security patches. Until the update, restrict access to the MCP Proxy component.
Original NVD description (English source)
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.

