LiteLLM Vuln Chain: Low-Privilege to Full Server Takeover

🔴 Critical | Source: The Hacker News

A chain of three vulnerabilities in LiteLLM, a popular open-source AI gateway, allows a low-privilege user to escalate to full admin and execute arbitrary code on the server. Because LiteLLM proxies requests to over 100 AI model providers, a successful attack exposes every API key and secret stored on the instance. Researchers at Obsidian Security disclosed the issue, making it an urgent concern for any organisation running LiteLLM in production. ...

15 June 2026 · ZX Cloud Security
