CVE Catalog

CVE-2026-35030

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.49%

38th percentile — higher than 38% of all known CVEs

Summary

In LiteLLM before version 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses the first 20 characters of the token as the cache key. Since JWT headers produced by the same signing algorithm generate identical first 20 characters, an unauthenticated attacker can craft a token matching the cache and inherit a legitimate user's identity and permissions.

Risk Assessment

The organization is at risk of unauthorized access to LLM APIs with another user's privileges, potentially leading to data leakage, resource abuse, or privilege escalation.

Recommendation

Upgrade LiteLLM to version 1.83.0 or later immediately. If an upgrade is not possible, consider temporarily disabling JWT/OIDC authentication.

Original NVD description (English source)

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. An unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token. On cache hit, the attacker inherits the legitimate user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled. Fixed in v1.83.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS