CVE-2026-12773

Summary

A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.

Affected Software

VendorProductVersion RangeStatus
BerriAIlitellm1.59.0affected
BerriAIlitellm1.59.1affected
BerriAIlitellm1.59.2affected
BerriAIlitellm1.59.3affected
BerriAIlitellm1.59.4affected
BerriAIlitellm1.59.5affected
BerriAIlitellm1.59.6affected
BerriAIlitellm1.59.7affected
BerriAIlitellm1.59.8affected

Weaknesses

  • CWE-287: Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

litellm: BerriAI litellm: Improper authentication in MCP Proxy via UserAPIKeyAuth function

Additional References

References