
CVE-2026-47101: LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

CVSS 8.8 (High) · EPSS 0.05% · P16

Possible ATT&CK Techniques (1 · AI)

T1078 · Valid Accounts

Affected Version Matrix (1)

Vendor  | Product | Version Range | Status
BerriAI | litellm | < 1.83.14     | affected

I. Basic Information for CVE-2026-47101

Vulnerability Information


Vulnerability Title
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation
Source: NVD (National Vulnerability Database)
Vulnerability Description
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Incorrect Authorization
Source: NVD (National Vulnerability Database)
Vulnerability Title
LiteLLM Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
LiteLLM is an open-source application from Berri AI that lets any LLM API be called using the OpenAI format. Versions of LiteLLM before 1.83.14 contain a security vulnerability: when an API key is created, the allowed_routes field is not checked against the creating user's own permissions. An authenticated internal user can therefore create a key that grants access to routes its role does not allow, bypassing role-based access control and achieving full privilege escalation from internal_user to proxy_admin.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
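To make the mechanism described in the NVD and CNNVD entries above concrete, the following is an added Python illustration, not LiteLLM's own code. It places a key-generation handler that stores allowed_routes unchecked (the pre-1.83.14 behaviour as described) beside one that rejects any route outside the caller's role, models the request-time check that honours a key's allowed_routes, and adds an audit helper for keys that were already issued. ROLE_ROUTES, the User/ApiKey types, the handler names, the route strings and the authorization model are constructed assumptions; LiteLLM's real role tables and authorization code differ.

```python
"""Added illustration of the CVE-2026-47101 mechanism; not LiteLLM code.

ROLE_ROUTES, the handler names, the route strings and the authorization
model below are constructed assumptions standing in for LiteLLM's real
role/route tables.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field


# Assumed role -> routes that role may call (constructed for this example).
ROLE_ROUTES: dict[str, set[str]] = {
    "proxy_admin": {
        "/chat/completions", "/key/generate", "/key/info",
        "/key/list", "/user/new", "/team/new", "/model/new",
    },
    "internal_user": {"/chat/completions", "/key/generate", "/key/info"},
}


class PermissionDenied(Exception):
    """Raised when a caller asks for more than its role permits."""


@dataclass
class User:
    user_id: str
    role: str


@dataclass
class ApiKey:
    token: str
    owner: User
    # Per-key route allowlist, playing the role of the advisory's allowed_routes.
    allowed_routes: set[str] = field(default_factory=set)


def generate_key_vulnerable(caller: User, requested_routes: list[str]) -> ApiKey:
    """Pre-fix behaviour: allowed_routes is stored exactly as requested.

    Nothing compares the requested routes with ROLE_ROUTES[caller.role],
    so an internal_user can mint a key naming admin-only routes.
    """
    return ApiKey(token=secrets.token_hex(16), owner=caller,
                  allowed_routes=set(requested_routes))


def generate_key_hardened(caller: User, requested_routes: list[str]) -> ApiKey:
    """Fixed behaviour: a key may only carry routes its creator already holds."""
    permitted = ROLE_ROUTES.get(caller.role, set())
    excess = set(requested_routes) - permitted
    if excess:
        raise PermissionDenied(
            f"{caller.role} may not delegate routes: {sorted(excess)}")
    return ApiKey(token=secrets.token_hex(16), owner=caller,
                  allowed_routes=set(requested_routes))


def authorize(key: ApiKey, route: str) -> bool:
    """Request-time check (assumed model).

    A route listed in the key's allowed_routes is honoured directly, which is
    how an over-privileged key reaches admin routes; a key without an explicit
    allowlist falls back to its owner's role.
    """
    if key.allowed_routes:
        return route in key.allowed_routes
    return route in ROLE_ROUTES.get(key.owner.role, set())


def audit_keys(keys: list[ApiKey]) -> list[tuple[str, set[str]]]:
    """Return (token, excess routes) for keys exceeding their owner's role.

    Worth running after an upgrade: the fix, as described, gates key
    creation, so keys minted earlier should be checked and revoked.
    """
    findings: list[tuple[str, set[str]]] = []
    for key in keys:
        excess = key.allowed_routes - ROLE_ROUTES.get(key.owner.role, set())
        if excess:
            findings.append((key.token, excess))
    return findings


if __name__ == "__main__":
    attacker = User("u-internal", "internal_user")
    bad = generate_key_vulnerable(attacker, ["/chat/completions", "/user/new"])
    print("vulnerable key reaches /user/new:", authorize(bad, "/user/new"))
    try:
        generate_key_hardened(attacker, ["/user/new"])
    except PermissionDenied as exc:
        print("hardened handler rejected:", exc)
    for token, excess in audit_keys([bad]):
        print(f"revoke key {token}: excess routes {sorted(excess)}")
```

Running the module shows the three points in order: the unchecked key reaches an admin-only route, the hardened handler refuses to mint it, and the audit flags the already-issued key for revocation. Whether LiteLLM's own fix re-validates keys created before 1.83.14 is not stated on this page, which is why the audit step is included.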

Affected Products

Vendor  | Product | Affected Versions                          | CPE
BerriAI | litellm | 0 ~ 1.83.14 (all versions before 1.83.14)  | -

II. Public POCs for CVE-2026-47101

# | POC Description                                         | Source Link | Shenlong Link
1 | AI-Generated POC (Premium; verified sandbox environment) | -           | -

III. Intelligence Information for CVE-2026-47101


Patches & Fixes for CVE-2026-47101 (3)

Vendor Advisories for CVE-2026-47101 (2)

Proof of Concept for CVE-2026-47101 (1)

Vendor Pages for CVE-2026-47101 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-47101
