GHSA-r75f-5x8p-qvmc

GHSA-r75f-5x8p-qvmc CRITICAL
Published April 24, 2026

Impact: A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted `Authorization` header to any LLM API route (for example `POST /chat/completions`), reach this query through the proxy's error-handling path, and read or possibly modify data in the proxy's database.


Affected Systems

Package: litellm
Ecosystem: pip
Vulnerable range: >= 1.81.16, < 1.83.7
Patched: 1.83.7


Severity & Risk

CVSS 3.1
N/A
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Recommended Action

Patch available

Update litellm to version 1.83.7 or later. If you cannot upgrade immediately, set `disable_error_logs: true` under `general_settings` in the proxy configuration as an interim workaround.

Frequently Asked Questions

What is GHSA-r75f-5x8p-qvmc?

GHSA-r75f-5x8p-qvmc is a SQL injection vulnerability in LiteLLM's proxy API key verification: the caller-supplied key value from the `Authorization` header is mixed into a database query's text instead of being passed as a bound parameter, and the query is reachable by unauthenticated callers through the proxy's error-handling path.

Is GHSA-r75f-5x8p-qvmc actively exploited?

No confirmed active exploitation of GHSA-r75f-5x8p-qvmc has been reported, but organizations should still patch proactively.

How to fix GHSA-r75f-5x8p-qvmc?

Update to the patched version, litellm 1.83.7 or later. Until then, set `disable_error_logs: true` under `general_settings` to close the path by which unauthenticated input reaches the vulnerable query.

What is the CVSS score for GHSA-r75f-5x8p-qvmc?

No CVSS score has been assigned yet.

Technical Details

NVD Description

### Impact

A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted `Authorization` header to any LLM API route (for example `POST /chat/completions`) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages.

### Patches

Fixed in **`1.83.7`**. The caller-supplied value is now always passed to the database as a separate parameter. Upgrade to `1.83.7` or later.

### Workarounds

If upgrading is not immediately possible, set `disable_error_logs: true` under `general_settings`. This removes the path through which unauthenticated input reaches the vulnerable query.
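The bug class the advisory describes, as an added example that is not LiteLLM's code and not the project's actual query. It uses an in-memory sqlite3 table as a stand-in for the proxy's key store; the table and column names, the sample rows, the `Bearer` scheme parsing and the shape of the config dict are assumptions chosen for the demo. The vulnerable lookup pastes the header value into the query text, so a crafted `Authorization` header matches every key or reads another table; the fixed lookup binds the value as a parameter and returns nothing for the same input. A small check for the advisory's interim workaround (`general_settings.disable_error_logs: true`) is included.

```python
"""Illustrative reconstruction of the GHSA-r75f-5x8p-qvmc bug class.

Added example, not LiteLLM's own code. sqlite3 stands in for the proxy
database; table names, columns and sample rows are constructed for the demo.
"""
import sqlite3

# Constructed sample data (not real keys): a key table and a settings table
# that an injected query could reach.
SAMPLE_KEYS = [
    ("sk-alice-hash", "alice", "team-a"),
    ("sk-bob-hash", "bob", "team-b"),
]
SAMPLE_SETTINGS = [
    ("master_key", "sk-master-secret"),
    ("db_url", "postgres://proxy:pw@db/litellm"),
]


def make_db() -> sqlite3.Connection:
    """Build the in-memory stand-in database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_keys (token TEXT PRIMARY KEY, user_id TEXT, team_id TEXT)")
    conn.execute("CREATE TABLE proxy_settings (name TEXT PRIMARY KEY, value TEXT)")
    conn.executemany("INSERT INTO api_keys VALUES (?, ?, ?)", SAMPLE_KEYS)
    conn.executemany("INSERT INTO proxy_settings VALUES (?, ?)", SAMPLE_SETTINGS)
    return conn


def bearer_token(authorization_header: str) -> str:
    """Extract the credential from an `Authorization: Bearer <key>` header value
    (assumed scheme; the advisory only says the header is attacker-controlled)."""
    scheme, _, value = authorization_header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("unsupported authorization scheme")
    return value.strip()


def lookup_key_vulnerable(conn: sqlite3.Connection, token: str) -> list:
    """The pattern the advisory describes: the caller-supplied value becomes
    part of the SQL text, so a quote in `token` rewrites the query."""
    sql = f"SELECT token, user_id, team_id FROM api_keys WHERE token = '{token}'"
    return conn.execute(sql).fetchall()


def lookup_key_fixed(conn: sqlite3.Connection, token: str) -> list:
    """The fix: the value travels as a bound parameter, never as query text."""
    return conn.execute(
        "SELECT token, user_id, team_id FROM api_keys WHERE token = ?", (token,)
    ).fetchall()


def workaround_applied(proxy_config: dict) -> bool:
    """Check the advisory's interim mitigation in a parsed proxy config
    (dict form of the YAML): general_settings.disable_error_logs must be true."""
    general = proxy_config.get("general_settings") or {}
    return general.get("disable_error_logs") is True


if __name__ == "__main__":
    db = make_db()
    # A legitimate key resolves the same way in both variants.
    print(lookup_key_vulnerable(db, bearer_token("Bearer sk-alice-hash")))
    print(lookup_key_fixed(db, bearer_token("Bearer sk-alice-hash")))
    # Crafted header: matches every key in the vulnerable variant, nothing in the fixed one.
    payload = bearer_token("Bearer ' OR 1=1 --")
    print(lookup_key_vulnerable(db, payload))
    print(lookup_key_fixed(db, payload))
    # Crafted header that reads a different table through the same query.
    exfil = bearer_token("Bearer ' UNION SELECT name, value, '' FROM proxy_settings --")
    print(lookup_key_vulnerable(db, exfil))
    print(workaround_applied({"general_settings": {"disable_error_logs": True}}))
```

Run it as a script to see the legitimate key resolve in both variants, the tautology payload return every row only from the vulnerable lookup, and the UNION payload surface the settings table. The same comparison, with the key value bound as a parameter, is what the 1.83.7 fix changes; the `workaround_applied` check is the quick way to confirm the interim mitigation is set on a proxy that has not yet been upgraded.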

Timeline

Published
April 24, 2026
Last Modified
April 24, 2026
First Seen
April 24, 2026

Related Vulnerabilities