Vulnerability  ·  2026-06-17

LiteLLM Vulnerability Chain — Low-Privilege User to Admin + RCE on AI Gateway (CVE-2026-47101, CVE-2026-47102, CVE-2026-40217)

Vulnerability  ·  High impact  ·  Global  ·  CVE-2026-47101
Three vulnerabilities in the LiteLLM proxy were disclosed on 2026-06-15. Chained together, they allow a user with only low-privilege access to escalate to full administrator rights and then execute arbitrary code on the host running the LiteLLM gateway. The issue was reported by The Hacker News on 2026-06-15 under the title 'LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers'.
LiteLLM is a central AI gateway used by enterprises to fan out to dozens of LLM providers under a single API surface. Compromise gives an attacker every provider API key stored on the server, full visibility into all prompts and responses transiting the gateway, and arbitrary code execution — effectively handing over an organisation's entire AI infrastructure. Patch to v1.83.14-stable or later and rotate all provider keys immediately.
A low-privilege authenticated user chains three flaws: broken access-control (CVE-2026-40217) to reach privileged admin endpoints, privilege escalation to full admin (CVE-2026-47102), then remote code execution as the server process (CVE-2026-47101). No special permissions required beyond a basic account.
Affected versions: LiteLLM proxy < v1.83.14-stable
Mitigation: Upgrade to LiteLLM v1.83.14-stable or later; rotate all LLM provider API keys; audit all accounts for unauthorised admin escalation. Advisory: https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html
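The first step of the mitigation is finding every gateway still below the fixed release. The following is an added example, not code from LiteLLM or from The Hacker News article: it parses LiteLLM-style version strings such as `v1.83.13-stable`, compares them against the fixed version named above, and returns the hosts that need the upgrade and provider-key rotation. It assumes the `-stable` suffix is a release channel label rather than a pre-release marker, so only the numeric `major.minor.patch` part is ordered; the host inventory is constructed sample data.

```python
import re

# Fixed release named in the advisory; anything below it is affected.
FIXED_VERSION = "1.83.14-stable"

# Accepts 'v1.83.14-stable', '1.83.14-stable', '1.83.13' and similar.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([A-Za-z0-9.]+))?$")


def parse_version(version):
    """Return (major, minor, patch) as integers.

    The optional suffix (e.g. '-stable') is assumed to be a channel label and
    is ignored for ordering; an unrecognised string raises ValueError so a
    malformed inventory entry is never silently treated as patched.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised LiteLLM version string: {version!r}")
    return tuple(int(m.group(i)) for i in (1, 2, 3))


def is_affected(installed, fixed=FIXED_VERSION):
    """True when the installed version is strictly below the fixed version."""
    return parse_version(installed) < parse_version(fixed)


def triage(inventory, fixed=FIXED_VERSION):
    """Given {host: version}, return the sorted list of hosts that must be
    upgraded and whose stored provider keys must be rotated."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver, fixed))


# Constructed sample inventory (hypothetical host names, not real systems).
SAMPLE_INVENTORY = {
    "llm-gw-prod-1": "v1.83.13-stable",
    "llm-gw-prod-2": "v1.83.14-stable",
    "llm-gw-staging": "1.82.0",
    "llm-gw-dev": "v1.84.0-stable",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to >= {FIXED_VERSION} and rotate provider keys")
```

Run it against your own inventory export; a host whose version string does not parse is reported as an error rather than skipped, which is the safer default when the cost of a false "patched" is an exposed gateway.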
Sources
The Hacker News, 'LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers', 2026-06-15: https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html