Critical RCE Vulnerability Discovered in LiteLLM Proxy—Immediate Upgrade Required
Key Takeaways
- Critical RCE vulnerability in LiteLLM Proxy affects versions 1.81.16–1.83.6 and requires immediate upgrade to v1.83.7-stable
- The exploit chains two vulnerabilities to grant unauthenticated attackers root-level access on PostgreSQL-backed deployments
- All users should prioritize upgrading; interim mitigations include disabling error logs, blocking the vulnerable POST /prompts/test endpoint, and restricting network access
Summary
Security researchers at AISafe have discovered a critical remote code execution (RCE) vulnerability in LiteLLM Proxy, a widely used open-source gateway that unifies over 100 LLM providers behind a single OpenAI-compatible API. The vulnerability affects versions 1.81.16 through 1.83.6 and chains two separate flaws, allowing an unauthenticated attacker to obtain root-level access on a default deployment that uses a PostgreSQL backend. The researchers have published technical details and proof-of-concept code, prompting immediate action from the LiteLLM maintainers.
LiteLLM Proxy is a critical infrastructure component used by thousands of organizations as a gateway between applications and major LLM providers including OpenAI, Anthropic, and Azure. The project has over 40,000 GitHub stars, and that breadth of adoption makes the vulnerability particularly concerning. The maintainers have released version 1.83.7-stable with patches addressing both identified security flaws (GHSA-r75f-5x8p-qvmc and GHSA-xqmj-j6mv-4862).
AISafe recommends that all affected users upgrade immediately to v1.83.7-stable or, until they can, apply the interim mitigations: disable error logs, block the vulnerable POST /prompts/test endpoint, and restrict network access so that the proxy sits behind an authentication layer. These mitigations reduce exposure but do not remove the flaws; only the upgrade does. The vulnerability was discovered by AISafe's automated security scanning platform and carries significant implications given LiteLLM's status as a target in Pwn2Own Berlin 2026's AI category.
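As an added example (not AISafe's or the LiteLLM project's code), here are the two checks a practitioner would script from this advisory: a version-range test for the affected range above, and the request filter behind the interim "block POST /prompts/test" mitigation. The affected range, the fixed version and the endpoint come from the advisory; the version-string format, the deny-list shape and the path-normalization rules are assumptions of this example, and the sample inputs are constructed.

```python
# Added example, not code from AISafe or the LiteLLM project.
# Assumed inputs: version strings of the form "MAJOR.MINOR.PATCH" with an
# optional leading "v" and an optional suffix such as "-stable", and raw
# request-line paths as a reverse proxy or middleware would see them.
import re
from urllib.parse import unquote

# Affected range and fixed version, taken from the advisory.
AFFECTED_MIN = (1, 81, 16)
AFFECTED_MAX = (1, 83, 6)
FIXED = (1, 83, 7)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(s: str) -> tuple:
    """Parse 'MAJOR.MINOR.PATCH[suffix]' into a comparable tuple of ints.

    The suffix ('-stable', '-dev', ...) is ignored, so 1.83.7-stable sorts as 1.83.7.
    """
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised LiteLLM version string: {s!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True if the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


# Interim mitigation: deny the vulnerable endpoint. Matching on (method, path)
# is this example's assumption about how the rule is expressed.
DENY = {("POST", "/prompts/test")}


def normalize_path(raw: str) -> str:
    """Canonicalise a request path before matching it against DENY.

    A deny rule should over-match rather than under-match, so this strips the
    query string and fragment, percent-decodes until the result is stable
    (catches double encoding), collapses repeated slashes, resolves '.' and
    '..' segments, drops a trailing slash and lower-cases the result.
    """
    path = raw.split("#", 1)[0].split("?", 1)[0]
    for _ in range(4):  # bounded: stop once decoding no longer changes anything
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    segments = []
    for seg in re.sub(r"/+", "/", path).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments).lower()


def should_block(method: str, raw_path: str) -> bool:
    """True if the request must be rejected under the interim mitigation."""
    return (method.upper(), normalize_path(raw_path)) in DENY


if __name__ == "__main__":
    # Constructed sample inputs, not captured from any real deployment.
    for v in ("1.81.15", "1.81.16", "1.83.6", "1.83.7-stable"):
        print(f"{v:14} affected={is_affected(v)}")
    for m, p in (("POST", "/prompts/test"),
                 ("POST", "/api/../prompts/test/?x=1"),
                 ("POST", "/prompts/%2574est"),
                 ("GET", "/prompts/test")):
        print(f"{m:4} {p:32} block={should_block(m, p)}")
```

The normalization is deliberately more aggressive than what the application router itself would do: for a deny rule the cost of over-matching a path that does not exist is nothing, while under-matching an encoded or dot-segment variant of the real path defeats the mitigation. Wire `should_block` into whatever sits in front of the proxy (reverse proxy, WAF, or an ASGI middleware), and treat it as a stopgap until the upgrade to v1.83.7-stable is done.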