CVE-2026-12773— BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-12773
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BerriAI litellm MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-12773
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-12773
请登录查看更多情报信息。
Proof of Concept for CVE-2026-12773 (1)
Same Patch Batch · BerriAI · 2026-06-21 · 10 CVEs total
| CVE-2026-12795 | 7.3 HIGH | BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication |
| CVE-2026-12798 | 6.3 MEDIUM | BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_asyn |
| CVE-2026-12774 | 6.3 MEDIUM | BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client s |
| CVE-2026-12796 | 6.3 MEDIUM | BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid sessio |
| CVE-2026-12772 | 6.3 MEDIUM | BerriAI litellm PROXY_ADMIN database API Key Generator login_utils.py authenticate_user se |
| CVE-2026-12797 | 6.3 MEDIUM | BerriAI litellm Completions banned_keywords.py async_pre_call_hook authorization |
| CVE-2026-12770 | 5.4 MEDIUM | BerriAI litellm Admin Key key_management_endpoints.py improper authorization |
| CVE-2026-12771 | 5.0 MEDIUM | BerriAI litellm M2M JWT user_api_key_auth.py improper authorization |
| CVE-2026-12799 | 4.3 MEDIUM | BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users impr |
IV. Related Vulnerabilities
Same product: litellm
- CVE-2026-49468
LiteLLM: Authentication Bypass via Host Header Injection - CVE-2026-12799
BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_e - CVE-2026-12798
BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_gener - CVE-2026-12797
BerriAI litellm Completions banned_keywords.py async_pre_cal - CVE-2026-12796
BerriAI litellm SSO Authentication Flow ui_sso.py get_redire
Same vendor: BerriAI
- CVE-2026-49468
LiteLLM: Authentication Bypass via Host Header Injection - CVE-2026-12799
BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_e - CVE-2026-12798
BerriAI litellm MCP OpenAPI Spec Loader openapi_to_mcp_gener - CVE-2026-12797
BerriAI litellm Completions banned_keywords.py async_pre_cal - CVE-2026-12796
BerriAI litellm SSO Authentication Flow ui_sso.py get_redire
Same weakness: CWE-287
- CVE-2026-11703
Missing SNI/ALPN binding on stateful (session-ID) TLS sessio - CVE-2026-55962
TLS 1.3 post-handshake authentication: server accepts Finish - CVE-2026-54089
File Browser: Authentication Bypass via Proxy Auth Header Fo - CVE-2026-55759
Rocket.Chat: Apple Sign-In skips JWT claims validation, allo - CVE-2026-55666
Rocket.Chat: Email Parameter Fallback Leads To Account Takeo
V. Comments for CVE-2026-12773
No comments yet