CVE-2026-47101: Incorrect Authorization in BerriAI litellm
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.
AI Analysis
Technical Summary
The vulnerability in LiteLLM versions before 1.83.14 arises because the system does not verify that the allowed_routes specified when creating API keys are within the creator's permitted routes. Consequently, an authenticated internal user can generate API keys granting access to admin-only routes, effectively bypassing role-based access controls and escalating privileges to proxy_admin. This issue is classified as an incorrect authorization flaw with a CVSS 4.0 score of 8.7, indicating high severity. No vendor advisory or patch information is currently available, and the product is not a cloud service, so remediation responsibility lies with the user.
Potential Impact
Successful exploitation allows an authenticated internal user to escalate privileges to proxy_admin by creating API keys with unauthorized access to admin-only routes. This bypasses intended role-based access controls, potentially leading to full administrative control within the affected LiteLLM environment.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict internal user permissions carefully and monitor API key creation processes to detect any anomalous key generation. Avoid granting internal users unnecessary privileges that could be abused to exploit this vulnerability.
CVE-2026-47101: Incorrect Authorization in BerriAI litellm
Description
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in LiteLLM versions before 1.83.14 arises because the system does not verify that the allowed_routes specified when creating API keys are within the creator's permitted routes. Consequently, an authenticated internal user can generate API keys granting access to admin-only routes, effectively bypassing role-based access controls and escalating privileges to proxy_admin. This issue is classified as an incorrect authorization flaw with a CVSS 4.0 score of 8.7, indicating high severity. No vendor advisory or patch information is currently available, and the product is not a cloud service, so remediation responsibility lies with the user.
Potential Impact
Successful exploitation allows an authenticated internal user to escalate privileges to proxy_admin by creating API keys with unauthorized access to admin-only routes. This bypasses intended role-based access controls, potentially leading to full administrative control within the affected LiteLLM environment.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict internal user permissions carefully and monitor API key creation processes to detect any anomalous key generation. Avoid granting internal users unnecessary privileges that could be abused to exploit this vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-05-18T19:22:26.748Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a106ffae1370fbb480d1c8e
Added to database: 5/22/2026, 3:02:18 PM
Last enriched: 5/22/2026, 3:02:35 PM
Last updated: 5/23/2026, 6:04:47 PM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.