CVE-2026-35030
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk38th percentile — higher than 38% of all known CVEs
Summary
In LiteLLM before version 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses the first 20 characters of the token as the cache key. Since JWT headers produced by the same signing algorithm generate identical first 20 characters, an unauthenticated attacker can craft a token matching the cache and inherit a legitimate user's identity and permissions.
Risk Assessment
The organization is at risk of unauthorized access to LLM APIs with another user's privileges, potentially leading to data leakage, resource abuse, or privilege escalation.
Recommendation
Upgrade LiteLLM to version 1.83.0 or later immediately. If an upgrade is not possible, consider temporarily disabling JWT/OIDC authentication.
Original NVD description (English source)
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. An unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token. On cache hit, the attacker inherits the legitimate user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled. Fixed in v1.83.0.

