๐Ÿ” CVE Alert

CVE-2026-59819

UNKNOWN 0.0

LiteLLM: Local file read via request-supplied OIDC file references

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
20th

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.10-stable, LiteLLM's /health/test_connection endpoint resolved request-supplied environment and OIDC file references in litellm_params, allowing a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. This issue is fixed in version 1.83.10-stable.

CWE CWE-73
Vendor berriai
Product litellm
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for berriai litellm

Be the first to know when new unknown vulnerabilities affecting berriai litellm are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

BerriAI / litellm
< 1.83.10-stable

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/BerriAI/litellm/security/advisories/GHSA-4g5m-c9r5-49xf github.com: https://github.com/BerriAI/litellm/pull/25592 github.com: https://github.com/BerriAI/litellm/releases/tag/v1.83.10-stable