<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Api-Key-Exposure on ZX Cloud Security</title><link>https://zxcloudsecurity.co.uk/tags/api-key-exposure/</link><description>Recent content in Api-Key-Exposure on ZX Cloud Security</description><generator>Hugo</generator><language>en-GB</language><lastBuildDate>Mon, 15 Jun 2026 16:39:01 +0000</lastBuildDate><atom:link href="https://zxcloudsecurity.co.uk/tags/api-key-exposure/index.xml" rel="self" type="application/rss+xml"/><item><title>LiteLLM Vuln Chain: Low-Privilege to Full Server Takeover</title><link>https://zxcloudsecurity.co.uk/posts/litellm-vulnerability-chain-privilege-escalation-rce-ai-gateway/</link><pubDate>Mon, 15 Jun 2026 16:39:01 +0000</pubDate><guid>https://zxcloudsecurity.co.uk/posts/litellm-vulnerability-chain-privilege-escalation-rce-ai-gateway/</guid><description>Three chained vulnerabilities in LiteLLM let low-privilege users gain full admin and RCE, exposing all AI provider API keys. Here&amp;#39;s what architects need to</description><content:encoded><![CDATA[<p>🔴 <strong>Critical</strong>  |  <strong>Source:</strong> <a href="https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html">The Hacker News</a></p>
<hr>
<p>A chain of three vulnerabilities in LiteLLM, a popular open-source AI gateway, allows an authenticated low-privilege user to escalate to full admin and then execute arbitrary code on the server. Because a LiteLLM instance holds credentials for the upstream providers it proxies to (more than 100 are supported), a successful attack exposes every provider API key and secret stored on that instance. Researchers at Obsidian Security disclosed the chain, making it an urgent concern for any organisation running LiteLLM in production.</p>
<blockquote>
<p><strong>Security Architect&rsquo;s Take:</strong> Audit all LiteLLM deployments immediately, including every low-privilege account on them, since that is where the chain starts. Restrict network access to the proxy admin interface, rotate every provider API key and any other secret stored on affected instances (a full-admin attacker can read them all), and apply the fixed release as soon as one is available. Until a patch is confirmed, place LiteLLM behind a zero-trust gateway and enforce least privilege at the network layer; treat that as containment, not as a fix, because the chain begins from an ordinary user account rather than from the admin UI alone.</p>
</blockquote>
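<p>One concrete way to apply the network-layer restriction above, as an added example that is not from the original post or the LiteLLM project: an nginx front end that keeps the inference routes reachable by application clients while confining the admin UI and the management API to an internal address range. It assumes LiteLLM listens on 127.0.0.1:4000, that the admin UI is served under /ui and management endpoints under /key/, /user/, /team/ and /organization/, and uses 10.0.0.0/8, the hostname and the certificate paths as placeholders; check the route names against the deployed LiteLLM version before relying on it.</p>

```nginx
# Added example, not LiteLLM's own configuration. Assumptions: LiteLLM on
# 127.0.0.1:4000; admin UI under /ui; management API under /key/, /user/,
# /team/, /organization/; 10.0.0.0/8 stands in for the real admin network.

# http-level context
upstream litellm {
    server 127.0.0.1:4000;
}

# Shared rate-limit zone for the management API (keyed by client address).
limit_req_zone $binary_remote_addr zone=mgmt:10m rate=10r/s;

# Weak setting: one catch-all location exposes the admin UI and the
# management API to every client that can reach the listener.
#
#   server {
#       listen 443 ssl;
#       location / { proxy_pass http://litellm; }
#   }

# Corrected setting: admin and management surfaces are internal-only.
server {
    listen 443 ssl;
    server_name llm-gateway.example.internal;           # placeholder
    ssl_certificate     /etc/nginx/tls/gateway.crt;     # placeholder
    ssl_certificate_key /etc/nginx/tls/gateway.key;     # placeholder

    # Admin UI: reachable only from the internal range.
    location ~ ^/ui(/|$) {
        allow 10.0.0.0/8;
        deny  all;
        proxy_pass http://litellm;
    }

    # Management API (key/user/team/organization CRUD): internal range only,
    # and rate-limited so a leaked low-privilege credential cannot be used
    # to hammer these endpoints even from the allowed network.
    location ~ ^/(key|user|team|organization)(/|$) {
        allow 10.0.0.0/8;
        deny  all;
        limit_req zone=mgmt burst=5 nodelay;
        proxy_pass http://litellm;
    }

    # Inference routes stay open to application clients, which still
    # authenticate to LiteLLM itself with their own keys.
    location / {
        proxy_pass http://litellm;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

<p>Regex locations take precedence over the plain <code>/</code> prefix, so the deny rules are evaluated before the catch-all. This only narrows who can reach the admin surface; if the escalation chain is reachable through routes an ordinary user legitimately uses, the restriction does not remove the risk, which is why key rotation and the patched release remain the actual remediation.</p>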
<p><strong>Original advisory:</strong> <a href="https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html">LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers</a></p>
]]></content:encoded></item></channel></rss>