CVE-2026-35030: CWE-287: Improper Authentication in BerriAI litellm
CVE-2026-35030 is a critical improper authentication vulnerability in BerriAI's LiteLLM proxy server versions prior to 1. 83. 0 when JWT authentication is enabled. The vulnerability arises because the OIDC userinfo cache uses only the first 20 characters of the JWT token as the cache key. Since JWT headers generated by the same signing algorithm share identical first 20 characters, an attacker can craft a token that matches a legitimate user's cache key, thereby inheriting that user's identity and permissions. This issue affects only deployments with JWT/OIDC authentication enabled, which is not the default configuration. The vulnerability is fixed in version 1. 83. 0.
AI Analysis
Technical Summary
LiteLLM, a proxy server for calling LLM APIs, prior to version 1.83.0, when configured with JWT authentication enabled, uses the first 20 characters of the JWT token as a cache key for OIDC userinfo. Because JWT headers produced by the same signing algorithm have identical first 20 characters, an unauthenticated attacker can craft a token that matches the cache key of a legitimate user. This allows the attacker to bypass authentication and assume the identity and permissions of that user. The vulnerability is classified as CWE-287 (Improper Authentication) and has a CVSS 4.0 score of 9.4 (critical). The issue is resolved in LiteLLM version 1.83.0.
Potential Impact
An unauthenticated attacker can impersonate legitimate users by exploiting the cache key collision in JWT tokens, gaining unauthorized access to the victim's identity and permissions within affected LiteLLM deployments. This can lead to privilege escalation and unauthorized actions within the system. The impact is critical due to the ease of exploitation and the high level of access gained.
Mitigation Recommendations
Upgrade affected LiteLLM deployments to version 1.83.0 or later, where this vulnerability is fixed. Since the issue only affects instances with JWT/OIDC authentication enabled (which is not enabled by default), disabling JWT authentication can also mitigate the risk. Patch status is not explicitly stated in the vendor advisory, but the fix is included in version 1.83.0. No cloud service remediation applies as this is not a cloud service.
CVE-2026-35030: CWE-287: Improper Authentication in BerriAI litellm
Description
CVE-2026-35030 is a critical improper authentication vulnerability in BerriAI's LiteLLM proxy server versions prior to 1. 83. 0 when JWT authentication is enabled. The vulnerability arises because the OIDC userinfo cache uses only the first 20 characters of the JWT token as the cache key. Since JWT headers generated by the same signing algorithm share identical first 20 characters, an attacker can craft a token that matches a legitimate user's cache key, thereby inheriting that user's identity and permissions. This issue affects only deployments with JWT/OIDC authentication enabled, which is not the default configuration. The vulnerability is fixed in version 1. 83. 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
LiteLLM, a proxy server for calling LLM APIs, prior to version 1.83.0, when configured with JWT authentication enabled, uses the first 20 characters of the JWT token as a cache key for OIDC userinfo. Because JWT headers produced by the same signing algorithm have identical first 20 characters, an unauthenticated attacker can craft a token that matches the cache key of a legitimate user. This allows the attacker to bypass authentication and assume the identity and permissions of that user. The vulnerability is classified as CWE-287 (Improper Authentication) and has a CVSS 4.0 score of 9.4 (critical). The issue is resolved in LiteLLM version 1.83.0.
Potential Impact
An unauthenticated attacker can impersonate legitimate users by exploiting the cache key collision in JWT tokens, gaining unauthorized access to the victim's identity and permissions within affected LiteLLM deployments. This can lead to privilege escalation and unauthorized actions within the system. The impact is critical due to the ease of exploitation and the high level of access gained.
Mitigation Recommendations
Upgrade affected LiteLLM deployments to version 1.83.0 or later, where this vulnerability is fixed. Since the issue only affects instances with JWT/OIDC authentication enabled (which is not enabled by default), disabling JWT authentication can also mitigate the risk. Patch status is not explicitly stated in the vendor advisory, but the fix is included in version 1.83.0. No cloud service remediation applies as this is not a cloud service.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-31T21:06:06.427Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d3ea320a160ebd92c9fd81
Added to database: 4/6/2026, 5:15:30 PM
Last enriched: 4/14/2026, 4:05:29 PM
Last updated: 5/22/2026, 8:33:17 PM
Views: 86
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.