CVE-2026-40217: CWE-420 Unprotected Alternate Channel in BerriAI LiteLLM
CVE-2026-40217 is a high-severity vulnerability in BerriAI's LiteLLM product that allows remote attackers to execute arbitrary code by exploiting an unprotected alternate channel via bytecode rewriting at the /guardrails/test_custom_code URI. The vulnerability is classified under CWE-420 (Unprotected Alternate Channel). It affects versions of LiteLLM up to 2026-04-08. There is no official patch or remediation level provided at this time, and no known exploits in the wild have been reported.
AI Analysis
Technical Summary
This vulnerability in BerriAI LiteLLM allows remote code execution through a weakness identified as CWE-420, involving an unprotected alternate channel. Specifically, attackers can perform bytecode rewriting by accessing the /guardrails/test_custom_code URI, enabling arbitrary code execution remotely. The CVSS 3.1 score is 8.8, indicating high severity with network attack vector, low attack complexity, requiring low privileges and no user interaction, and impacts confidentiality, integrity, and availability.
Potential Impact
Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on the affected system, potentially leading to full compromise of the LiteLLM instance. This impacts confidentiality, integrity, and availability of the system. No known exploits are currently reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor BerriAI's advisories for updates. Until a patch is available, restricting access to the /guardrails/test_custom_code URI and applying network-level controls to limit exposure may reduce risk.
CVE-2026-40217: CWE-420 Unprotected Alternate Channel in BerriAI LiteLLM
Description
CVE-2026-40217 is a high-severity vulnerability in BerriAI's LiteLLM product that allows remote attackers to execute arbitrary code by exploiting an unprotected alternate channel via bytecode rewriting at the /guardrails/test_custom_code URI. The vulnerability is classified under CWE-420 (Unprotected Alternate Channel). It affects versions of LiteLLM up to 2026-04-08. There is no official patch or remediation level provided at this time, and no known exploits in the wild have been reported.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in BerriAI LiteLLM allows remote code execution through a weakness identified as CWE-420, involving an unprotected alternate channel. Specifically, attackers can perform bytecode rewriting by accessing the /guardrails/test_custom_code URI, enabling arbitrary code execution remotely. The CVSS 3.1 score is 8.8, indicating high severity with network attack vector, low attack complexity, requiring low privileges and no user interaction, and impacts confidentiality, integrity, and availability.
Potential Impact
Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on the affected system, potentially leading to full compromise of the LiteLLM instance. This impacts confidentiality, integrity, and availability of the system. No known exploits are currently reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor BerriAI's advisories for updates. Until a patch is available, restricting access to the /guardrails/test_custom_code URI and applying network-level controls to limit exposure may reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-04-10T13:43:22.641Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d907431cc7ad14dac20a7e
Added to database: 4/10/2026, 2:20:51 PM
Last enriched: 4/10/2026, 2:35:47 PM
Last updated: 4/10/2026, 3:28:50 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.