CVE-2026-12795 | A vulnerability was determined in BerriAI litellm up to 1.82… | CVSS 7.3 HIGH

Description

A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

Metadata

CVE ID: CVE-2026-12795
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-20 17:12 UTC
Published: 2026-06-21 08:30 UTC
Last updated: 2026-06-21 08:30 UTC
Primary CWE: CWE-306
Missing Authentication
Vendor / Product: BerriAI / litellm
Sources: cve.org · NVD

Severity & Metrics

7.3 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Affected products (1)

Vendor	Product	Platform	Versions
BerriAI	litellm	—	1.82.0, 1.82.1, 1.82.2

Weakness (CWE)

CWE	Source	Description
CWE-287	cna	Improper Authentication
CWE-306	cna	Missing Authentication

CVSS scores (4)

Score	Severity	Version	Source	Vector
7.5	N/D	2.0	cna	AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR
7.3	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
7.3	HIGH	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.9	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

References (5)

VDB-372557 | BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication https://vuldb.com/vuln/372557
VDB-372557 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/372557/cti
CVE-2026-12795 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-12795
Submit #811286 | litellm <= 1.82.2 Missing Authentication for Critical Function (CWE-306) https://vuldb.com/submit/811286
https://gist.github.com/YLChen-007/9b13c75a3a73187a4082cc6df0b100d3