CVE-2026-12771

low

Description

A vulnerability was identified in BerriAI litellm up to version 1.82.2. It affects an unknown function in the file litellm/proxy/auth/user_api_key_auth.py, part of the M2M JWT Handler component. The manipulation leads to improper authorization. The attack can be launched remotely; it is rated as high complexity, and exploitability is reported as difficult. An exploit is publicly available and might be used. The vendor was contacted early about this disclosure.

References

https://vuldb.com/vuln/372513/cti

https://vuldb.com/vuln/372513

https://vuldb.com/submit/811280

https://vuldb.com/cve/CVE-2026-12771

https://gist.github.com/YLChen-007/70e4e106527f74ddf17953ff0f6c248d

Details

Source: Mitre, NVD

Published: 2026-06-21

Updated: 2026-06-21

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.0

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 2.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Low