CVE-2026-59819: CWE-73: External Control of File Name or Path in BerriAI litellm
CVE-2026-59819 is a low-severity vulnerability in BerriAI's LiteLLM proxy server prior to version 1.83.10-stable. The /health/test_connection endpoint allowed privileged users to read local filesystem files by resolving request-supplied environment and OIDC file references. This issue is fixed in version 1.83.10-stable.
AI Analysis
Technical Summary
LiteLLM, a proxy server for calling LLM APIs, had a vulnerability (CWE-73: External Control of File Name or Path) in its /health/test_connection endpoint before version 1.83.10-stable. This endpoint resolved environment and OIDC file references supplied in litellm_params, enabling a proxy administrator or other privileged callers with permission to test model connections to read arbitrary local files via oidc/file/ references. The vulnerability is addressed in version 1.83.10-stable.
Potential Impact
An attacker with privileged access to test model connections could read arbitrary files from the local filesystem, potentially exposing sensitive information. The CVSS 4.0 score is 2.1, indicating low severity and limited impact due to required privileges and lack of user interaction.
Mitigation Recommendations
Upgrade to LiteLLM version 1.83.10-stable or later, where this vulnerability is fixed. No other mitigation guidance is provided or necessary as the fix is available in this version.
CVE-2026-59819: CWE-73: External Control of File Name or Path in BerriAI litellm
Description
CVE-2026-59819 is a low-severity vulnerability in BerriAI's LiteLLM proxy server prior to version 1.83.10-stable. The /health/test_connection endpoint allowed privileged users to read local filesystem files by resolving request-supplied environment and OIDC file references. This issue is fixed in version 1.83.10-stable.
CVSS v4.0
Score 2.1low
Affected software
pkg:github/berriai/litellmRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
LiteLLM, a proxy server for calling LLM APIs, had a vulnerability (CWE-73: External Control of File Name or Path) in its /health/test_connection endpoint before version 1.83.10-stable. This endpoint resolved environment and OIDC file references supplied in litellm_params, enabling a proxy administrator or other privileged callers with permission to test model connections to read arbitrary local files via oidc/file/ references. The vulnerability is addressed in version 1.83.10-stable.
Potential Impact
An attacker with privileged access to test model connections could read arbitrary files from the local filesystem, potentially exposing sensitive information. The CVSS 4.0 score is 2.1, indicating low severity and limited impact due to required privileges and lack of user interaction.
Mitigation Recommendations
Upgrade to LiteLLM version 1.83.10-stable or later, where this vulnerability is fixed. No other mitigation guidance is provided or necessary as the fix is available in this version.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-07-07T15:00:50.978Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4ea889c9d9e3dbe3a52694
Added to database: 07/08/2026, 19:44:09 UTC
Last enriched: 07/08/2026, 19:59:04 UTC
Last updated: 07/08/2026, 20:38:12 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.