LiteLLM Privilege Escalation: User Role Manipulation Grants Admin Access (CVE-2026-47102)
A high-severity vulnerability, CVE-2026-47102, affects LiteLLM versions prior to 1.83.10. According to the National Vulnerability Database, the flaw allows an authenticated user to escalate their privileges to proxy_admin via the /user/update endpoint. The endpoint correctly restricts users to modifying only their own account, but it does not validate which fields of that account may be updated. This is a classic mass-assignment failure: because the handler writes through whatever fields the request carries, a malicious user can set their own user_role attribute directly.
The impact is severe: proxy_admin access grants full administrative control over the LiteLLM instance, including unrestricted access to all user accounts, teams, API keys, model configurations, and stored prompt history. The National Vulnerability Database assigns a CVSSv3.1 score of 8.8 (HIGH), reflecting both the ease of exploitation and the extent of the resulting compromise. Accounts with the org_admin role already have legitimate access to this endpoint, so for them the escalation requires no additional attack chaining.
This is a straightforward privilege escalation, and defenders should assume attackers will use it. The attacker's path is short: obtain a low-privilege account, send one request to the update endpoint, and hold full control of the instance. It is not a complex zero-day; it is a basic authorization failure at the field level, with major consequences for data confidentiality and system integrity.
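The following is an added example, not LiteLLM's code, that models the pattern described above in plain Python: an update handler that enforces ownership of the target record but not which fields the caller may write, beside a hardened version with a per-role allow-list of writable fields. The table layout, the low-privilege role name `internal_user`, the field names other than `user_role`, and the allow-lists are assumptions chosen for the illustration.

```python
"""Mass-assignment in a user-update handler: vulnerable form beside a hardened one.

Added example, not LiteLLM's code. It models the behaviour the advisory
describes (an update endpoint that checks the caller owns the target record
but not which fields the caller may write). Table layout, role names other
than proxy_admin, and the allow-lists below are assumptions.
"""
from dataclasses import dataclass
from typing import Any, Dict, Optional, Tuple


@dataclass
class User:
    user_id: str
    user_role: str
    user_email: str = ""
    max_budget: Optional[float] = None


class Forbidden(Exception):
    pass


ADMIN_ROLE = "proxy_admin"
LOW_ROLE = "internal_user"  # assumed name for a low-privilege role

# Assumed policy: what a non-admin may change on their own record ...
SELF_SERVICE_FIELDS = frozenset({"user_email", "max_budget"})
# ... and everything an admin may change on any record.
ADMIN_FIELDS = SELF_SERVICE_FIELDS | {"user_role"}


def update_user_vulnerable(caller: User, payload: Dict[str, Any], db: Dict[str, User]) -> User:
    """Ownership is enforced; field names are not (the CVE-2026-47102 pattern)."""
    target = db[payload["user_id"]]
    if caller.user_role != ADMIN_ROLE and caller.user_id != target.user_id:
        raise Forbidden("may only update your own account")
    # Every key in the body is written through, user_role included.
    for key, value in payload.items():
        if key != "user_id":
            setattr(target, key, value)
    return target


def update_user_hardened(caller: User, payload: Dict[str, Any], db: Dict[str, User]) -> User:
    """Same ownership check, plus a per-role allow-list of writable fields."""
    target = db[payload["user_id"]]
    is_admin = caller.user_role == ADMIN_ROLE
    if not is_admin and caller.user_id != target.user_id:
        raise Forbidden("may only update your own account")
    changes = {k: v for k, v in payload.items() if k != "user_id"}
    allowed = ADMIN_FIELDS if is_admin else SELF_SERVICE_FIELDS
    rejected = sorted(set(changes) - allowed)
    if rejected:
        # Reject the whole request rather than silently dropping the bad keys,
        # so the attempt is visible to the caller and to the audit log.
        raise Forbidden(f"field(s) not updatable by role {caller.user_role}: {rejected}")
    for key, value in changes.items():
        setattr(target, key, value)
    return target


def escalation_attempt(handler) -> str:
    """Send the escalation payload from a fresh low-privilege account and
    return the role that account holds afterwards."""
    db = {"u-low": User("u-low", LOW_ROLE, "low@example.com")}
    caller = db["u-low"]
    payload = {"user_id": "u-low", "user_role": ADMIN_ROLE}  # the attacker's request body
    try:
        handler(caller, payload, db)
    except Forbidden:
        pass
    return db["u-low"].user_role


def demo() -> Tuple[str, str]:
    """Roles after the same payload hits the vulnerable and the hardened handler."""
    return escalation_attempt(update_user_vulnerable), escalation_attempt(update_user_hardened)


if __name__ == "__main__":
    print(demo())  # ('proxy_admin', 'internal_user')
```

The hardened handler rejects the request outright instead of filtering out the disallowed keys; a silent drop would hide the attempt from the caller and from any audit trail built on request outcomes.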
What This Means For You
- If your organization runs LiteLLM, upgrade to version 1.83.10 or later now. Any authenticated user, even one with minimal privileges, can exploit CVE-2026-47102 to gain full administrative control. After patching, audit your LiteLLM user records and logs for unexpected role changes or administrative actions, especially calls to the `/user/update` endpoint, as these may indicate exploitation that has already occurred. A standard webserver access log does not record a POST body, so a role value sent in the request body will only be visible in the proxy's own audit or database records. Treat any account holding proxy_admin that an administrator did not deliberately grant as compromised, and rotate the API keys it could reach.
Detection Rules
The Sigma rule below was auto-generated for this advisory and mapped to MITRE ATT&CK. It matches on the query string of the request; if the role value is sent in a JSON request body, a webserver access log will not contain it and the rule will not fire. For that case, alert on the proxy's own audit records of user_role changes instead.
```yaml
title: LiteLLM User Role Manipulation to Proxy Admin - CVE-2026-47102
id: scw-2026-05-21-ai-1
status: experimental
level: critical
description: |
  Detects the specific API endpoint and parameter modification used in CVE-2026-47102 to escalate privileges within LiteLLM by setting the user_role to 'proxy_admin'.
author: SCW Feed Engine (AI-generated)
date: 2026-05-21
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-47102/
tags:
  - attack.privilege_escalation
  - attack.t1078.004
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/user/update'
    cs-method:
      - 'POST'
    cs-uri-query|contains:
      - 'user_role=proxy_admin'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
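As an added example (not part of the advisory or of the Sigma rule), the detection logic below applies the rule's selection to constructed W3C-style webserver lines, which is the rule's logsource, and applies an equivalent check to constructed application audit records for the case where the role travels in a POST body that never reaches the access log. It also covers the audit advice given under "What This Means For You". The audit record keys (`actor`, `actor_role`, `target`, `updated_values`) are an assumed shape, not a LiteLLM log format; adapt them to what your proxy actually emits.

```python
"""Detection for self-service role changes via /user/update over constructed logs.

Added example, not part of the advisory or the Sigma rule. Both log shapes
below are constructed for this example; the audit record keys are assumptions,
not a LiteLLM log format.
"""
import json
from dataclasses import dataclass
from typing import Dict, List

ENDPOINT = "/user/update"
ADMIN_ROLE = "proxy_admin"


@dataclass(frozen=True)
class Alert:
    source: str   # "webserver" or "audit"
    actor: str
    detail: str


# Constructed W3C extended log. Line 1: escalation with the role in the query
# string (the Sigma rule fires). Line 3: the same escalation with the role in a
# POST body; the access log shows only "-" for the query, so the rule is blind.
WEBSERVER_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri cs-uri-query sc-status
2026-05-21 10:02:11 10.0.0.5 u-low POST /user/update user_id=u-low&user_role=proxy_admin 200
2026-05-21 10:02:30 10.0.0.5 u-low GET /user/info user_id=u-low 200
2026-05-21 10:03:01 10.0.0.7 u-low2 POST /user/update - 200
"""

# Constructed application audit records, one JSON object per line (assumed shape).
AUDIT_LOG = """\
{"ts":"2026-05-21T10:02:11Z","endpoint":"/user/update","actor":"u-low","actor_role":"internal_user","target":"u-low","updated_values":{"user_role":"proxy_admin"}}
{"ts":"2026-05-21T10:02:30Z","endpoint":"/user/update","actor":"u-low","actor_role":"internal_user","target":"u-low","updated_values":{"user_email":"new@example.com"}}
{"ts":"2026-05-21T10:03:01Z","endpoint":"/user/update","actor":"u-low2","actor_role":"internal_user","target":"u-low2","updated_values":{"user_role":"proxy_admin"}}
{"ts":"2026-05-21T10:04:00Z","endpoint":"/user/update","actor":"u-admin","actor_role":"proxy_admin","target":"u-x","updated_values":{"user_role":"proxy_admin"}}
"""


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Turn a W3C extended log into dicts keyed by the #Fields header names."""
    fields: List[str] = []
    records = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            records.append(dict(zip(fields, line.split())))
    return records


def sigma_selection(rec: Dict[str, str]) -> bool:
    """The rule's selection block: all three field conditions must hold."""
    return (
        ENDPOINT in rec.get("cs-uri", "")
        and rec.get("cs-method") == "POST"
        and f"user_role={ADMIN_ROLE}" in rec.get("cs-uri-query", "")
    )


def audit_alert(rec: Dict) -> str:
    """Flag any user_role write performed by a non-admin actor. An admin
    changing someone else's role is the 'legitimate administrative activity'
    false positive the rule lists, so it is not flagged here."""
    if rec.get("endpoint") != ENDPOINT:
        return ""
    new_role = rec.get("updated_values", {}).get("user_role")
    if new_role is None or rec.get("actor_role") == ADMIN_ROLE:
        return ""
    return f"{rec['actor']} ({rec['actor_role']}) set user_role={new_role} on {rec['target']}"


def run_detection(webserver_text: str = WEBSERVER_LOG, audit_text: str = AUDIT_LOG) -> List[Alert]:
    """Run both checks and return the alerts in log order."""
    alerts = []
    for rec in parse_w3c(webserver_text):
        if sigma_selection(rec):
            alerts.append(Alert("webserver", rec["cs-username"], rec["cs-uri-query"]))
    for line in audit_text.splitlines():
        rec = json.loads(line)
        detail = audit_alert(rec)
        if detail:
            alerts.append(Alert("audit", rec["actor"], detail))
    return alerts


if __name__ == "__main__":
    for a in run_detection():
        print(f"[{a.source}] {a.actor}: {a.detail}")
```

On the constructed input the webserver check raises one alert (u-low, role in the query string) and misses u-low2, whose role change went in the body; the audit check catches both and stays silent on the administrator's legitimate role assignment.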
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-47102 | Privilege Escalation | LiteLLM < 1.83.10 |
| CVE-2026-47102 | Privilege Escalation | Vulnerable endpoint: /user/update |
| CVE-2026-47102 | Privilege Escalation | Ability to modify 'user_role' field |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 22, 2026 at 00:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.