EXECUTIVE SUMMARY:
CVE-2026-49468 (CVSS 9.5) is an authentication bypass vulnerability in affected versions of the LiteLLM package. The LiteLLM proxy's auth layer mis-parses the Host header when it decides which route a request is for. An attacker who can reach the proxy listener can therefore send a crafted Host header that makes the auth layer evaluate a different route from the one the request actually targets, and so reach protected management routes without valid credentials. Successful exploitation grants access to sensitive data and allows unauthorized actions; the realistic business impact is data breach and system compromise. Exploitation needs two conditions: network access to the proxy listener, and an upstream layer that does not validate or normalize the Host header, i.e. no CDN, WAF, or reverse proxy with a server_name allowlist in front of the proxy. That condition is absent from most deployments, including LiteLLM Cloud, which already have such an upstream layer and are not exposed.
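The following is an added, illustrative example written for this page; it is not LiteLLM's code and does not reproduce the actual CVE-2026-49468 flaw. It shows the bug class the summary describes, an auth layer that lets the client-controlled Host header influence which route it authorizes, beside a hardened version that authorizes the path the request really targets and rejects any Host not on an explicit allowlist (the role a reverse proxy's server_name allowlist plays upstream). The route names, hostnames and master key are assumed values constructed for the demo.

```python
# Added illustrative example for this page. NOT LiteLLM's code and NOT the real
# CVE-2026-49468 flaw: it demonstrates the bug class (route selection influenced
# by the client-controlled Host header) next to a hardened version.
# Route names, hostnames and the master key below are assumed/constructed.
import hmac
from urllib.parse import urlsplit

PUBLIC_ROUTES = {"/health/liveliness", "/health/readiness"}  # assumed
ALLOWED_HOSTS = {"litellm.internal", "localhost:4000"}        # assumed
MASTER_KEY = "sk-demo-master-key"                             # constructed


def route_from_host_vulnerable(host: str, path: str) -> str:
    """Vulnerable pattern: rebuild an absolute URL from Host + path and read
    the path back out of it. Host is attacker-controlled, so a value such as
    'localhost:4000/health/liveliness#' pushes the real path into the URL
    fragment and the parsed route becomes a public one."""
    return urlsplit(f"http://{host}{path}").path


def _key_ok(api_key) -> bool:
    # Constant-time compare against the (constructed) master key.
    return api_key is not None and hmac.compare_digest(api_key, MASTER_KEY)


def is_authorized_vulnerable(headers: dict, path: str, api_key) -> bool:
    """Auth decision made on a route derived from the Host header."""
    route = route_from_host_vulnerable(headers.get("host", ""), path)
    if route in PUBLIC_ROUTES:
        return True          # public route: no key required
    return _key_ok(api_key)  # anything else needs the master key


def is_authorized_hardened(headers: dict, path: str, api_key) -> bool:
    """Auth decision made on the real request path, behind a Host allowlist."""
    # 1. Reject unknown Host values outright; this is what a reverse proxy's
    #    server_name allowlist does when nothing sits in front of the proxy.
    if headers.get("host", "") not in ALLOWED_HOSTS:
        return False
    # 2. Authorize the path the request actually targets; never derive the
    #    route from anything rebuilt out of client-supplied headers.
    if path in PUBLIC_ROUTES:
        return True
    return _key_ok(api_key)


if __name__ == "__main__":
    # Constructed request: a protected management route with a crafted Host.
    crafted = {"host": "localhost:4000/health/liveliness#"}
    print("vulnerable:", is_authorized_vulnerable(crafted, "/key/generate", None))
    print("hardened:  ", is_authorized_hardened(crafted, "/key/generate", None))
```

Run with no arguments: the vulnerable function lets the unauthenticated request through because the rebuilt URL parses to a public route, while the hardened one refuses it on the Host allowlist alone and would still require the key on the real path. The same allowlist logic belongs at the edge: if the proxy port is reachable without a CDN, WAF, or reverse proxy that drops unknown Host values, a request with an arbitrary Host sent straight to that port should be rejected, and if it is not, the deployment matches the exposed scenario the summary describes.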
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details: