LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Published on June 15, 2026

A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one OpenAI-compatible interface. A server takeover exposes every provider key it holds, the secrets that

Continue reading on website
Other news

Council of Europe investigates ShinyHunters data breach claims

June 15, 2026
The Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. [...]

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks

June 15, 2026
Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. [...]