CVE-2026-35029
LiteLLM: Privilege escalation via unrestricted proxy configuration endpoint
Description
### Impact The `/config/update endpoint` does not enforce admin role authorization. A user who is already authenticated into the platform can then use this endpoint to do the following: - Modify proxy configuration and environment variables - Register custom pass-through endpoint handlers pointing to attacker-controlled Python code, achieving remote code execution - Read arbitrary server files by setting UI_LOGO_PATH and fetching via /get_image - Take over other priveleged accounts by overwriting UI_USERNAME and UI_PASSWORD environment variables ### Patches Fixed in v1.83.0. The endpoint now requires `proxy_admin` role. ### Workarounds Restrict API key distribution. There is no configuration-level workaround.
How to fix CVE-2026-35029
To remediate CVE-2026-35029, upgrade the affected package to a fixed version below.
- —upgrade to 1.83.0 or later
Is CVE-2026-35029 being exploited?
Moderate — EPSS is 19.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- from 0, < 1.83.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N |