This vulnerability in LiteLLM allows remote attackers to perform arbitrary code execution by rewriting bytecode through an unprotected endpoint (/guardrails/test_custom_code). The CVSS 3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability with low attack complexity and no user interaction required. The vulnerability arises from CWE-420, which involves an unprotected alternate communication channel that bypasses normal security controls. No patch or official remediation guidance has been published by BerriAI as of the publication date.

Successful exploitation enables remote attackers to execute arbitrary code on affected LiteLLM instances, potentially leading to full system compromise including confidentiality, integrity, and availability impacts. Given the high CVSS score (8.8), this vulnerability poses a significant risk to affected systems if exploited.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the /guardrails/test_custom_code URI and monitor for any unauthorized access attempts. Avoid exposing LiteLLM instances to untrusted networks. Follow vendor updates closely for any forthcoming patches or mitigations.