CVE-2026-12798 | BerriAI litellm up to 1.82.2 MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async spec_path server-side request forgery

Inserito da Angelo Barbosa | Giu 20, 2026 | CVE

A vulnerability was found in BerriAI litellm up to 1.82.2. It has been classified as critical. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument spec_path causes server-side request forgery.

The identification of this vulnerability is CVE-2026-12798. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure.

CVE-2026-12798 | BerriAI litellm up to 1.82.2 MCP OpenAPI Spec Loader openapi_to_mcp_generator.py load_openapi_spec_async spec_path server-side request forgery

Post correlati

CVE-2024-47032 | Google Android lwis_ioctl.c construct_transaction_from_cmd out-of-bounds write

CVE-2024-53154 | Linux Kernel up to 6.1.119/6.6.63/6.11.10/6.12.1 applnco_probe null pointer dereference

CVE-2023-50239 | LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623 Realtek rtl819x Jungle SDK set_RadvdInterfaceParam stack-based overflow (TALOS-2023-1893)

CVE-2024-9291 | kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff XML File upfile cross site scripting