CVE-2026-12799 | BerriAI litellm up to 1.82.2 Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

Inserito da Angelo Barbosa | Giu 20, 2026 | CVE

A vulnerability was found in BerriAI litellm up to 1.82.2. It has been declared as problematic. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization.

This vulnerability is referenced as CVE-2026-12799. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure.

CVE-2026-12799 | BerriAI litellm up to 1.82.2 Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization

Post correlati

CVE-2024-49373 | No Fuss Computing Centurion ERP up to 1.2.0 Project improper isolation or compartmentalization (GHSA-5qmx-pr2f-qhj5)

CVE-2024-7878 | WP ULike Plugin up to 4.7.3 on WordPress Setting cross site scripting

CVE-2026-21265 | Microsoft Windows up to Server 2025 Secure Boot Certificate reliance on component that is not updateable

CVE-2024-50038 | Linux Kernel up to 5.15.167/6.1.112/6.6.56/6.11.3 xt_cluster.c skb_network_header stack-based overflow