CVE-2026-12796 | BerriAI litellm up to 1.82.2 SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

A vulnerability has been found in BerriAI litellm up to 1.82.2 and classified as critical. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads to session expiration.

This vulnerability is uniquely identified as CVE-2026-12796. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure.

CVE-2026-12796 | BerriAI litellm up to 1.82.2 SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration

Post correlati

CVE-2025-52435 | Apache NimBLE up to 1.8.0 Pause Encryption Procedure cleartext transmission

CVE-2024-32859 | Dell CPG BIOS prior 2.18.0 input validation (dsa-2024-124)

CVE-2025-22410 | Google Android 15 use after free

CVE-2026-7647 | Cozmoslabs Profile Builder Pro Plugin up to 3.14.5 on WordPress AJAX maybe_unserialize args deserialization