What happened
On June 29, 2026, SecureLayer7 published a technical disclosure of a chained three-CVE exploit in LiteLLM, the widely used open-source LLM proxy/gateway. A default internal user can escalate privileges to proxy admin (CVE-2026-47101 and CVE-2026-47102) and then achieve remote code execution (CVE-2026-40217), exposing all provider API keys and the virtual key database. The fix is version 1.83.14-stable.
Why it matters
LiteLLM is used by thousands of enterprises and AI startups as the API gateway layer routing traffic to OpenAI, Anthropic, and other LLM providers. Compromise at this layer gives an attacker access to every downstream AI application credential and to model traffic, making it a high-value supply chain target. The three-CVE chain is exploitable by any internal user with default credentials.
Applicability
Any organization running LiteLLM as an LLM proxy must upgrade to 1.83.14-stable or later immediately; if the upgrade is delayed, audit for indicators of compromise (IOCs) in the meantime.
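A version gate for the remediation step above, added here as an example (not SecureLayer7's or LiteLLM's own code). It assumes the proxy runs from the Python environment where the litellm package is installed and that the "-stable" suffix carries no ordering meaning, so only the numeric triple is compared against 1.83.14.

```python
import re
from importlib import metadata

# Lowest LiteLLM release carrying the fix for the chain described in the
# disclosure (CVE-2026-47101, CVE-2026-47102, CVE-2026-40217).
FIXED_VERSION = "1.83.14-stable"

# Accepts '1.83.14-stable', 'v1.83.13', '1.84.0.dev1', '1.83.14rc1'.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-.]?([A-Za-z][\w.]*))?$")


def parse_version(text):
    """Return (major, minor, patch, suffix) for a LiteLLM version string.
    Raises ValueError on anything that does not look like a version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    return int(major), int(minor), int(patch), (suffix or "").lower()


def is_patched(version_text, fixed=FIXED_VERSION):
    """True if version_text is at or above the fixed release. Only the
    numeric triple decides (assumption: the '-stable' tag is informational),
    so '1.83.14' and '1.83.14-stable' are both treated as patched."""
    return parse_version(version_text)[:3] >= parse_version(fixed)[:3]


def installed_litellm_version():
    """Version of the litellm package in this environment, or None if it
    is not installed (assumption: the proxy runs from this environment)."""
    try:
        return metadata.version("litellm")
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    found = installed_litellm_version()
    if found is None:
        print("litellm is not installed in this environment")
    elif is_patched(found):
        print(f"litellm {found}: at or above {FIXED_VERSION}, OK")
    else:
        print(f"litellm {found}: below {FIXED_VERSION}, UPGRADE REQUIRED")
```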