Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
A critical security vulnerability has been disclosed in LiteLLM, an increasingly popular proxy used for managing large language model (LLM) APIs.<\/a><\/p>\n The flaw, tracked as CVE-2026-49468, allows attackers to bypass authentication mechanisms under specific conditions by exploiting improper handling of the Host header.<\/p>\n The issue affects LiteLLM versions before 1.84.0 and has been assigned a critical severity rating. The vulnerability stems from a flaw in how the LiteLLM proxy determines request routes during authentication checks.<\/p>\n The authentication mechanism relies on the By manipulating this header, an attacker can cause the authentication layer to evaluate a different route than the one FastAPI actually processes.<\/p>\n This discrepancy creates an opportunity for attackers to bypass access controls and gain unauthorized access to sensitive management endpoints.<\/p>\n The vulnerability is classified as CWE-290 (Authentication Bypass by Spoofing)<\/a> and carries a high CVSS v4 score, reflecting significant potential impact on confidentiality, integrity, and availability.<\/p>\n Notably, it requires neither authentication nor user interaction, making it particularly dangerous in exposed environments. The attack vector is network-based and low-complexity, further increasing its risk profile.<\/p>\n According to GitHub advisory GHSA-4xpc-pv4p-pm3w<\/a>, most deployments are not affected because the vulnerability is effectively mitigated when upstream infrastructure validates or normalizes the Host header.<\/p>\n This includes deployments behind content delivery networks (CDNs), web application firewalls (WAFs), reverse proxies with strict server_name validation, or cloud load balancers configured with host-based routing rules.<\/p>\n Additionally, LiteLLM Cloud customers are not impacted by this issue, as the hosted environment includes protective controls that prevent Host header manipulation.<\/p>\n The vulnerability has been patched in LiteLLM version 1.84.0, and users are strongly advised to upgrade immediately. The fix does not require any configuration changes, simplifying remediation efforts.<\/p>\n For organizations unable to upgrade immediately, temporary mitigations include placing the LiteLLM proxy<\/a> behind a trusted upstream component that enforces strict Host header validation.<\/p>\n Alternatively, restricting network access to the proxy service can reduce exposure. The vulnerability was discovered by security researchers Le The Thang from KCSC and Kim Ngoc Chung from One Mount Group.<\/p>\n Their findings highlight the risks of improper request parsing in modern API frameworks, especially when relying on headers that clients can manipulate.<\/p>\n This disclosure underscores the importance of validating input headers and ensuring consistency between routing and authentication layers in web applications, particularly those handling sensitive AI workloads.<\/p>\n CISO & Security Leaders: Your next breach may not have a face. Join ISC2\u2019s LIVE webinar, \u201cGhost in the Machine\u201d<\/strong><\/a><\/p>\n The post Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nrequest.url.path<\/code> value generated by the Starlette framework, which reconstructs the path using the Host header supplied in incoming HTTP requests.<\/p>\nLiteLLM Vulnerability\u00a0<\/strong><\/h2>\n