CVE-2026-59819
LiteLLM: Local file read via request-supplied OIDC file references
CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
20th
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.10-stable, LiteLLM's /health/test_connection endpoint resolved request-supplied environment and OIDC file references in litellm_params, allowing a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. This issue is fixed in version 1.83.10-stable.
| CWE | CWE-73 |
| Vendor | berriai |
| Product | litellm |
| Published | Jul 8, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for berriai litellm
Be the first to know when new unknown vulnerabilities affecting berriai litellm are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
BerriAI / litellm
< 1.83.10-stable