Post
HIGH

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

· llm · privilege-escalation · rce · vulnerability

A default low-privilege account on a LiteLLM proxy can be escalated to full admin and remote code execution by chaining three vulnerabilities, according to research from Obsidian Security. LiteLLM is a widely deployed open-source AI gateway that brokers requests to more than 100 model providers behind a single OpenAI-compatible interface. A full takeover of a LiteLLM proxy would expose every provider API key and secret the gateway holds, affecting every application routed through it. Teams running self-hosted LiteLLM proxies should update to a patched version and audit default account privileges and API key scopes.