CVE-2026-35030
- Source
- https://cve.org/CVERecord?id=CVE-2026-35030
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-35030.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-35030
- Aliases
- Downstream
- Related
- Published
- 2026-04-06T16:47:02.065Z
- Modified
- 2026-05-28T03:54:54.818273661Z
- Severity
-
- 9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N CVSS Calculator
- Summary
- LiteLLM has an authentication bypass via OIDC userinfo cache key collision
- Details
-
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enablejwtauth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. An unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token. On cache hit, the attacker inherits the legitimate user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled. Fixed in v1.83.0.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/35xxx/CVE-2026-35030.json", "cwe_ids": [ "CWE-287" ], "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/berriai/litellm
Affected ranges
- Type
- GIT
- Repo
- https://github.com/berriai/litellm
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.16.12
1.16.13
1.16.14
1.34.2
1.34.20-stable
1.34.28.dev3
1.34.35-stable
1.34.39.dev1
1.35.1.dev1
1.35.13.dev1
1.35.24.dev6
1.35.33.dev4
1.35.36.dev1
1.35.5.dev2
1.40.8.dev1
1.41.11.dev5
1.41.12.dev1
1.41.14.dev15
1.44.6
1.64.0.dev1
1.72.6.rc-draft
1.74.15.rc.1
Other
latest
pr-litellm-spend-logs-db
stable
test
litellm-pres-dev-v1.*
litellm-pres-dev-v1.81.15
litellm_1.*
litellm_1.81.13-dev
litellm_pro-mgmnt-dev-v1.*
litellm_pro-mgmnt-dev-v1.81.13
litellm_sso-dev-v1.*
litellm_sso-dev-v1.81.13
litellmv1.*
litellmv1.81.15.presidio.dev
v.*
v.1.32.34-stable
v0.*
v0.1.387
v0.1.492
v0.1.574
v0.1.738
v0.11.1
v0.8.4
v1.*
v1.1.0
v1.10.4
v1.11.1
v1.15.0
v1.15.5
v1.16-test2
v1.16-test3
v1.16-test4
v1.16.13
v1.16.15
v1.16.16
v1.16.17
v1.16.17-test
v1.16.17-test2
v1.16.17-test3
v1.16.18
v1.16.19
v1.16.20
v1.16.20.dev1
v1.16.20.dev3
v1.16.21
v1.16.3
v1.16.6
v1.17.0
v1.17.1
v1.17.10
v1.17.12
v1.17.13
v1.17.14
v1.17.15
v1.17.16
v1.17.17
v1.17.18
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.17.6
v1.17.7
v1.17.8
v1.17.9
v1.18.0
v1.18.1
v1.18.10
v1.18.11
v1.18.12
v1.18.13
v1.18.2
v1.18.4
v1.18.5
v1.18.6
v1.18.7
v1.18.8
v1.18.9
v1.19.0
v1.19.2
v1.19.3
v1.19.4
v1.19.6
v1.20.0
v1.20.1
v1.20.2
v1.20.3
v1.20.5
v1.20.6
v1.20.7
v1.20.8
v1.20.9
v1.21.0
v1.21.1
v1.21.4
v1.21.5
v1.21.6
v1.21.7
v1.22.10
v1.22.11
v1.22.2
v1.22.3
v1.22.5
v1.22.8
v1.22.9
v1.23.0
v1.23.1
v1.23.10
v1.23.12
v1.23.14
v1.23.15
v1.23.16
v1.23.2
v1.23.3
v1.23.4
v1.23.5
v1.23.7
v1.23.8
v1.23.9
v1.24.1
v1.24.3
v1.24.5
v1.24.6
v1.25.0
v1.25.1
v1.25.2
v1.26.0
v1.26.1
v1.26.10
v1.26.11
v1.26.13
v1.26.2
v1.26.3
v1.26.4
v1.26.5
v1.26.6
v1.26.7
v1.26.8
v1.26.9
v1.27.1
v1.27.10
v1.27.14
v1.27.15
v1.27.4
v1.27.6
v1.27.7
v1.27.8
v1.27.9
v1.28.0
v1.28.1
v1.28.10
v1.28.11
v1.28.13
v1.28.2
v1.28.3
v1.28.4
v1.28.6
v1.28.7
v1.28.8
v1.28.9
v1.29.1
v1.29.3
v1.29.4
v1.29.5
v1.29.7
v1.30.0
v1.30.1
v1.30.2
v1.30.3
v1.30.4
v1.30.5
v1.30.6
v1.30.7
v1.31.10
v1.31.12
v1.31.12-dev
v1.31.12-dev1
v1.31.12-dev3
v1.31.13
v1.31.14
v1.31.15
v1.31.16
v1.31.17
v1.31.2
v1.31.3
v1.31.4
v1.31.5
v1.31.6
v1.31.7
v1.31.8
v1.31.9
v1.32.1
v1.32.3
v1.32.33-stable
v1.32.33.dev1
v1.32.4
v1.32.7
v1.32.7.dev1
v1.32.7.dev3
v1.32.7.dev5
v1.32.9
v1.33.0
v1.33.1
v1.33.2
v1.33.3
v1.33.4
v1.33.7
v1.33.8
v1.33.9
v1.34.0
v1.34.1
v1.34.10
v1.34.10.dev1
v1.34.12
v1.34.13
v1.34.14
v1.34.16
v1.34.17
v1.34.18
v1.34.19
v1.34.20
v1.34.21
v1.34.21-stable
v1.34.22
v1.34.22-stable
v1.34.22.dev15-stable
v1.34.23-stable
v1.34.25
v1.34.26
v1.34.27
v1.34.28
v1.34.28.dev12
v1.34.29
v1.34.3
v1.34.33
v1.34.34
v1.34.34.dev1
v1.34.35
v1.34.36
v1.34.36.dev2
v1.34.37
v1.34.37.dev1
v1.34.38
v1.34.39
v1.34.4
v1.34.4.dev1
v1.34.4.dev2
v1.34.40
v1.34.41
v1.34.42
v1.34.5
v1.34.6
v1.34.8
v1.34.8.dev1
v1.35.0
v1.35.1
v1.35.1.dev1
v1.35.1.dev2
v1.35.10
v1.35.11
v1.35.12
v1.35.13
v1.35.14
v1.35.15
v1.35.15-stable
v1.35.16
v1.35.17
v1.35.18
v1.35.19
v1.35.2
v1.35.20
v1.35.20.dev2
v1.35.21
v1.35.21-stable
v1.35.23
v1.35.24
v1.35.24.dev1
v1.35.25
v1.35.26
v1.35.26.dev1
v1.35.28
v1.35.28.dev1
v1.35.29
v1.35.3
v1.35.30
v1.35.31
v1.35.32
v1.35.32.dev1
v1.35.33
v1.35.33.dev1
v1.35.33.dev2
v1.35.33.dev3
v1.35.34
v1.35.35
v1.35.35.dev1
v1.35.36
v1.35.36-dev2
v1.35.37
v1.35.38
v1.35.38-stable
v1.35.4
v1.35.5
v1.35.6
v1.35.7
v1.35.8
v1.35.8.dev1
v1.36.0
v1.36.1
v1.36.2
v1.36.2-stable
v1.36.3
v1.36.4
v1.36.4-stable
v1.37.0
v1.37.0.dev_version_headers
v1.37.10
v1.37.11
v1.37.12
v1.37.12-stable
v1.37.12.dev1
v1.37.13
v1.37.13-stable
v1.37.14
v1.37.16
v1.37.16-stable
v1.37.17
v1.37.19
v1.37.19-stable
v1.37.2
v1.37.20
v1.37.20.dev1
v1.37.3
v1.37.3-stable
v1.37.5
v1.37.5-stable
v1.37.6
v1.37.7
v1.37.7-stable
v1.37.9
v1.37.9-stable
v1.38.0
v1.38.0-stable
v1.38.1
v1.38.10
v1.38.11
v1.38.12
v1.38.2
v1.38.3
v1.38.4
v1.38.4-stable
v1.38.5
v1.38.7
v1.38.7-stable
v1.38.8
v1.38.8-stable
v1.39.2
v1.39.3
v1.39.4
v1.39.5
v1.39.5-stable
v1.39.6
v1.40.0
v1.40.1
v1.40.1.dev2
v1.40.1.dev4
v1.40.10
v1.40.11
v1.40.12
v1.40.13
v1.40.14
v1.40.15
v1.40.16
v1.40.17
v1.40.19
v1.40.2
v1.40.2-stable
v1.40.20
v1.40.21
v1.40.22
v1.40.24
v1.40.25
v1.40.26
v1.40.27
v1.40.28
v1.40.29
v1.40.3
v1.40.3-stable
v1.40.31
v1.40.4
v1.40.5
v1.40.6
v1.40.7
v1.40.7.dev1
v1.40.8
v1.40.8-stable
v1.40.9
v1.40.9-stable
v1.41.0
v1.41.0-stable
v1.41.1
v1.41.11
v1.41.11.dev1
v1.41.12
v1.41.13
v1.41.14
v1.41.14.dev10
v1.41.14.dev8
v1.41.15
v1.41.17
v1.41.18
v1.41.19
v1.41.2
v1.41.2-stable
v1.41.20
v1.41.21
v1.41.22
v1.41.23
v1.41.23-stable
v1.41.24
v1.41.24.dev1
v1.41.25
v1.41.26
v1.41.26.dev1
v1.41.27
v1.41.28
v1.41.3
v1.41.3.dev2
v1.41.4
v1.41.4.dev1
v1.41.5
v1.41.5.dev1
v1.41.6
v1.41.6.dev1
v1.41.7
v1.41.8
v1.41.8.dev1
v1.41.8.dev2
v1.42.0
v1.42.0-stable
v1.42.1
v1.42.10
v1.42.10-stable
v1.42.11
v1.42.12
v1.42.2
v1.42.2-stable
v1.42.3
v1.42.3-stable
v1.42.4
v1.42.4-stable
v1.42.5
v1.42.5-dev1
v1.42.5-dev2
v1.42.5-stable
v1.42.6
v1.42.7
v1.42.7-stable
v1.42.8
v1.42.9
v1.42.9-stable
v1.42.9-stable-fix
v1.42.9.dev1
v1.43.0
v1.43.1
v1.43.1-dev1
v1.43.10
v1.43.10-stable
v1.43.12
v1.43.13
v1.43.13-stable
v1.43.15
v1.43.15-stable
v1.43.16
v1.43.16-stable
v1.43.17
v1.43.18
v1.43.18-stable
v1.43.19
v1.43.19-stable
v1.43.19.dev1
v1.43.19.dev2
v1.43.2
v1.43.3
v1.43.4
v1.43.4.dev5
v1.43.5
v1.43.5-stable
v1.43.6
v1.43.6-stable
v1.43.6.dev1
v1.43.7
v1.43.7-stable
v1.43.9
v1.44.1
v1.44.10
v1.44.10-stable
v1.44.11
v1.44.11-stable
v1.44.12
v1.44.12-stable
v1.44.13
v1.44.13-stable
v1.44.14
v1.44.14-stable
v1.44.15
v1.44.15-stable
v1.44.16
v1.44.16-stable
v1.44.17
v1.44.17-stable
v1.44.18
v1.44.18-stable
v1.44.19
v1.44.19-stable
v1.44.2
v1.44.21
v1.44.21-stable
v1.44.22
v1.44.22-stable
v1.44.23
v1.44.23-stable
v1.44.24
v1.44.25
v1.44.26
v1.44.27
v1.44.28
v1.44.3
v1.44.4
v1.44.4.dev2
v1.44.5
v1.44.6
v1.44.6-stable
v1.44.7
v1.44.8
v1.44.8-dev1
v1.44.9
v1.45.0
v1.46.0
v1.46.1
v1.46.2
v1.46.4
v1.46.5
v1.46.6
v1.46.7
v1.46.8
v1.47.0
v1.47.1
v1.47.2
v1.47.2.dev4
v1.48.0
v1.48.1
v1.48.10
v1.48.11
v1.48.11-stable
v1.48.12
v1.48.14
v1.48.14-stable
v1.48.15
v1.48.16
v1.48.16-stable
v1.48.17
v1.48.17-stable
v1.48.18
v1.48.19
v1.48.19-stable
v1.48.2
v1.48.2.dev8
v1.48.3
v1.48.4
v1.48.4-stable
v1.48.5
v1.48.5-stable
v1.48.5.dev1
v1.48.6
v1.48.7
v1.48.7-stable
v1.48.8
v1.48.8-stable
v1.48.9
v1.48.9-stable
v1.49.0
v1.49.0-stable
v1.49.1
v1.49.2
v1.49.2-stable
v1.49.3
v1.49.3-stable
v1.49.4
v1.49.5
v1.49.6
v1.49.6-stable
v1.49.7
v1.49.7-stable
v1.50.0
v1.50.0-stable
v1.50.1
v1.50.1-stable
v1.50.2
v1.50.2-stable
v1.50.4
v1.50.4-stable
v1.51.0
v1.51.0-stable
v1.51.1
v1.51.1-stable
v1.51.2
v1.51.3
v1.51.3.dev10
v1.52.0
v1.52.0-stable
v1.52.1
v1.52.10
v1.52.11
v1.52.12
v1.52.14
v1.52.15
v1.52.16
v1.52.16.dev1
v1.52.2
v1.52.3
v1.52.4
v1.52.5
v1.52.6
v1.52.8
v1.52.9
v1.53.1
v1.53.2
v1.53.3
v1.53.4
v1.53.5
v1.53.6
v1.53.7
v1.53.7-stable
v1.53.7.dev4
v1.53.8
v1.53.9
v1.54.0
v1.54.1
v1.55.0
v1.55.1
v1.55.10
v1.55.11
v1.55.12
v1.55.2
v1.55.3
v1.55.4
v1.55.4-test-release
v1.55.4-test-release-2
v1.55.8
v1.55.9
v1.55.9-test
v1.55.9-test2
v1.56.10
v1.56.2
v1.56.3
v1.56.4
v1.56.5
v1.56.6
v1.56.8
v1.56.9
v1.57.0
v1.57.1
v1.57.10
v1.57.11
v1.57.2
v1.57.3
v1.57.4
v1.57.5
v1.57.7
v1.57.8
v1.58.0
v1.58.1
v1.58.2
v1.58.4
v1.59.0
v1.59.1
v1.59.10
v1.59.2
v1.59.3
v1.59.5
v1.59.6
v1.59.7
v1.59.8
v1.59.9
v1.60.0
v1.60.0.dev2
v1.60.0.dev4
v1.60.2
v1.60.2-dev1
v1.60.4
v1.60.5
v1.60.6
v1.60.8
v1.61.0
v1.61.1
v1.61.11-nightly
v1.61.13-nightly
v1.61.13.rc
v1.61.15-nightly
v1.61.16-nightly
v1.61.17-nightly
v1.61.19-nightly
v1.61.2-nightly
v1.61.20-nightly
v1.61.20.rc
v1.61.3
v1.61.3-nightly
v1.61.3.dev1
v1.61.4-nightly
v1.61.5-nightly
v1.61.6-nightly
v1.61.7
v1.61.7-nightly
v1.61.7.dev1
v1.61.8-nightly
v1.61.9-nightly
v1.62.1-nightly
v1.62.4-nightly
v1.63.0-nightly
v1.63.11-nightly
v1.63.11-stable
v1.63.12-nightly
v1.63.14-nightly
v1.63.14.rc
v1.63.2-nightly
v1.63.3-nightly
v1.63.5-nightly
v1.63.6-nightly
v1.63.6.dev1
v1.63.7-nightly
v1.63.8-nightly
v1.64.1-nightly
v1.65.0-nightly
v1.65.0.rc
v1.65.1-nightly
v1.65.2.dev1
v1.65.3-nightly
v1.65.4-nightly
v1.65.5-nightly
v1.65.6-nightly
v1.65.7-nightly
v1.65.8-nightly
v1.66.0-nightly
v1.66.1-nightly
v1.66.2-nightly
v1.66.2.dev1
v1.66.3-nightly
v1.66.3.dev5
v1.67.0-nightly
v1.67.0-stable
v1.67.0-stable.patch2
v1.67.1-nightly
v1.67.2-nightly
v1.67.3.dev1
v1.67.3.dev4
v1.67.3.dev6
v1.67.4-nightly
v1.67.5-nightly
v1.67.6-nightly
v1.67.6.dev1
v1.67.7-stable
v1.68.0-nightly
v1.68.0-stable
v1.68.1-nightly
v1.68.1.dev1
v1.68.1.dev2
v1.68.1.dev4
v1.68.2-nightly
v1.69.0-nightly
v1.69.0-stable
v1.69.0.dev1
v1.69.1-nightly
v1.69.2-nightly
v1.69.3-nightly
v1.7.1
v1.7.11
v1.70.0-nightly
v1.70.1-stable
v1.70.1.dev2
v1.70.2-nightly
v1.70.2.dev5
v1.70.4-nightly
v1.71.0-nightly
v1.71.1-nightly
v1.71.1-stable
v1.71.2-nightly
v1.71.2.dev1
v1.71.2.dev3
v1.71.3-nightly
v1.71.3-rc
v1.72.0-nightly
v1.72.0.dev1
v1.72.0.dev3
v1.72.0.rc
v1.72.1-nightly
v1.72.1.dev1
v1.72.1.dev8
v1.72.2-nightly
v1.72.2.devMCP
v1.72.2.rc
v1.72.3-nightly
v1.72.4-nightly
v1.72.5.dev1
v1.72.6-nightly
v1.72.6.dev1
v1.72.6.rc
v1.72.7-nightly
v1.72.9-nightly
v1.73.0-nightly
v1.73.0.rc.1
v1.73.1-nightly
v1.73.2-nightly
v1.73.6-nightly
v1.73.6.rc-draft
v1.73.6.rc.1
v1.73.7-nightly
v1.74.0-nightly
v1.74.1-nightly
v1.74.12-nightly
v1.74.14-nightly
v1.74.15-nightly
v1.74.2-nightly
v1.74.3-nightly
v1.74.3-stable-draft
v1.74.3.rc.1
v1.74.4-nightly
v1.74.5.dev1
v1.74.6-nightly
v1.74.7-nightly
v1.74.7.rc.1
v1.74.8-nightly
v1.74.9-stable
v1.74.9.rc-draft
v1.74.9.rc.1
v1.75.0-nightly
v1.75.2-nightly
v1.75.3-nightly
v1.75.4-nightly
v1.75.5-stable.rc-draft
v1.75.5.rc.1
v1.75.6-nightly
v1.75.7-nightly
v1.75.8-nightly
v1.75.8-stable
v1.75.9-nightly
v1.76.0-nightly
v1.76.0-stable-draft
v1.76.1-nightly
v1.76.1.rc.1
v1.76.2-nightly
v1.76.3-nightly
v1.76.3.dev1
v1.76.3.rc.1
v1.77.0-nightly
v1.77.1-nightly
v1.77.1.dev.1
v1.77.1.dev.2
v1.77.1.rc.1-v2
v1.77.2.rc.1
v1.77.3-nightly
v1.77.3.dynamic_rates
v1.77.4-nightly
v1.77.5-nightly
v1.77.5.rc.1
v1.77.6.dev.1
v1.77.7-nightly
v1.77.7.dev.3
v1.77.7.dev9
v1.77.7.rc.1
v1.77.7.rc.2
v1.78.0-nightly
v1.78.2-nightly
v1.78.3-nightly
v1.78.4-nightly
v1.78.4.dev1
v1.78.5-nightly
v1.78.5-stable
v1.78.5.rc.1
v1.78.6-nightly
v1.78.7-nightly
v1.79.0-nightly
v1.79.0.rc.1
v1.79.1-nightly
v1.79.1.rc.1
v1.79.2-nightly
v1.79.3-nightly
v1.79.3.dev5
v1.79.3.dev7
v1.79.3.rc.1
v1.79.dev.1
v1.80.0-nightly
v1.80.0.dev1
v1.80.0.dev2
v1.80.0.dev6
v1.80.10-nightly
v1.80.10.dev.1
v1.80.10.rc.1
v1.80.11-nightly
v1.80.11-stable
v1.80.11.rc.1
v1.80.12-nightly
v1.80.13-nightly
v1.80.15-nightly
v1.80.15.rc.1
v1.80.16-nightly
v1.80.16.dev6
v1.80.17-nightly
v1.80.5-nightly
v1.80.5.dev2
v1.80.6-nightly
v1.80.7.dev.3
v1.80.8-nightly
v1.80.8.dev.1
v1.80.8.rc.1
v1.80.9-nightly
v1.80.9.dev1
v1.81.0-nightly
v1.81.0.rc.1
v1.81.1-nightly
v1.81.12-nightly
v1.81.13.dev1
v1.81.14-nightly
v1.81.14.rc.1
v1.81.16.custm-auth.dev
v1.81.3-nightly
v1.81.3.rc
v1.81.3.rc.1
v1.81.3.rc.5
v1.81.7.dev1
v1.81.9-nightly
v1.81.9-stable
v1.81.9.rc.1
v1.82.1-nightly
v1.82.1-silent-dev2
v1.82.1.rc.1
v1.82.4-nightly
v1.82.5.dev.1
v1.82.6.dev2