LiteLLM Privilege Escalation Via API Key Misconfiguration (CVE-2026-47101)
A critical privilege escalation vulnerability, CVE-2026-47101, has been identified in LiteLLM versions prior to 1.83.14. The National Vulnerability Database reports that an authenticated internal_user can craft API keys that grant access to routes beyond their assigned role. This bypasses role-based access controls entirely.
The flaw lies in how LiteLLM generates API keys. The allowed_routes field is stored without validation against the user’s existing permissions. An internal_user can specify admin-only routes when creating a new key, then use that key to successfully access those restricted endpoints. This effectively escalates privileges from an internal_user to proxy_admin.
Rated 8.8 (HIGH) on the CVSS scale, this vulnerability represents a severe access control breakdown. It’s not just about unauthorized access; it’s about a fundamental failure to enforce least privilege at the API key generation layer. Attackers don’t need to find a separate flaw to exploit; the system itself can be tricked into granting them the keys to the kingdom.
What This Means For You
- If your organization uses LiteLLM, this is a direct call to action. Patch to version 1.83.14 or later immediately. After patching, audit your existing API keys: the vulnerability is in key generation, so any key created by an internal_user before the patch may carry routes its creator was never entitled to. Revoke and regenerate any key whose allowed_routes exceed the creator's role. This is a classic example of a logical flaw in an access control implementation, and it demonstrates why validating every attribute of an object against the caller's own permissions at creation time is non-negotiable.
🛡️ Detection Rules
```yaml
title: LiteLLM Privilege Escalation via API Key Misconfiguration - CVE-2026-47101
id: scw-2026-05-21-ai-1
status: experimental
level: critical
description: |
  Detects attempts to access admin-only routes in LiteLLM after an API key has been
  misconfigured to grant unauthorized access. This rule specifically targets the '/admin'
  path, which is indicative of an attempt to leverage a compromised or improperly
  configured API key for privilege escalation, as described in CVE-2026-47101.
author: SCW Feed Engine (AI-generated)
date: 2026-05-21
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-47101/
tags:
  - attack.privilege_escalation
  - attack.t1078.002
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/admin'
    cs-method:
      - 'POST'
    sc-status:
      - '200'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-47101 | Privilege Escalation | LiteLLM versions prior to 1.83.14 |
| CVE-2026-47101 | Auth Bypass | LiteLLM API key generation with unverified 'allowed_routes' field |
| CVE-2026-47101 | Privilege Escalation | Authenticated internal_user creating API keys with admin-only route access |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 22, 2026 at 00:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.