LiteLLM 1.74.2 < 1.83.7 Command Injection Vulnerability (GHSA-v4p8-mg3p-g94g)

high Nessus Plugin ID 324115

Synopsis

The remote host has a compromised version of LiteLLM installed.

Description

The version of the LiteLLM Python package installed on the remote host is 1.74.2 before 1.83.7. It is, therefore, affected by a vulnerability:

- From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. (CVE-2026-42271)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to LiteLLM version 1.83.7 or later.

See Also

https://github.com/advisories/GHSA-v4p8-mg3p-g94g

https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable

Plugin Details

Severity: High

ID: 324115

File Name: litellm_CVE-2026-42271.nasl

Version: 1.2

Type: Local

Agent: windows, macosx, unix

Published: 7/1/2026

Updated: 7/2/2026

Configuration: Enable thorough checks (optional)

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

Percentile: 99.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-42271

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 8.7

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N

Vulnerability Information

CPE: cpe:/a:litellm:litellm

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/19/2026

Vulnerability Publication Date: 4/21/2026

CISA Known Exploited Vulnerability Due Dates: 6/22/2026

Reference Information

CVE: CVE-2026-42271