Vulnerability  ·  2026-04-15

LiteLLM RCE via Bytecode Rewriting (CVE-2026-40217)

Vulnerability · High impact · CVE-2026-40217
A critical remote code execution vulnerability in LiteLLM (through version 2026-04-08) allows attackers to execute arbitrary code via a bytecode rewriting mechanism at the /guardrails/test_custom_code URI. CVSS score 8.8 (High). This follows the March 2026 LiteLLM supply chain compromise where a trojanised PyPI package delivered a multi-stage credential stealer.
Remote attackers exploit the bytecode rewriting mechanism in the guardrails testing endpoint to execute malicious code on the server. The attack does not require authentication in some configurations.
Affected versions are LiteLLM through 2026-04-08. LiteLLM is widely used as an LLM gateway/proxy by organisations routing API calls to multiple AI providers.
Update to LiteLLM version 1.83.0 or later. Audit for indicators of compromise from both this vulnerability and the earlier supply chain attack. Restrict network access to the /guardrails/test_custom_code endpoint. Verify PyPI package integrity against known-good hashes.
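As a starting point for the audit step, the following added example (not LiteLLM code and not taken from the advisory) triages reverse-proxy access logs for requests to /guardrails/test_custom_code. It assumes common log format, a hypothetical admin network in ADMIN_NETS, and constructed sample lines.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

SENSITIVE_PATH = "/guardrails/test_custom_code"  # endpoint named in the advisory
# Assumption: networks permitted to reach the endpoint; replace with your own.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Common log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.5 - - [10/Apr/2026:09:12:01 +0000] "POST /guardrails/test_custom_code HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Apr/2026:09:14:33 +0000] "POST /guardrails/test_custom_code HTTP/1.1" 200 498',
    '198.51.100.9 - - [10/Apr/2026:09:15:02 +0000] "POST /guardrails//test%5Fcustom_code/?x=1 HTTP/1.1" 403 0',
    '203.0.113.7 - - [10/Apr/2026:09:16:40 +0000] "POST /chat/completions HTTP/1.1" 200 2048',
]

def normalize_path(target):
    """Reduce a request target so encoded or padded variants compare equal."""
    path = target.split("?", 1)[0]
    for _ in range(2):              # second pass catches double-encoding
        path = unquote(path)
    # Collapse //, /./ and /../, then lowercase: over-matching is fine for triage.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def find_hits(lines):
    """Return one record per logged request to the sensitive endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != SENSITIVE_PATH:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
            external = not any(ip in net for net in ADMIN_NETS)
        except ValueError:
            external = True         # unparsable client field: treat as untrusted
        status = int(m["status"])
        hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                     "status": status, "external": external, "served": status < 400})
    return hits

if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        if h["external"] and h["served"]:
            print("REVIEW", h["ts"], h["ip"], h["method"], h["status"])
```

Records with both `external` and `served` set are the ones to review first; blocked attempts (`served` false) still show who was probing the endpoint.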
Sources
LiteLLM — Security Update: Vulnerability Disclosures and Ongoing Hardening
TheHackerWire — LiteLLM RCE via Bytecode Rewriting
Snyk — How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM