{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/litellm--1.83.10/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-47102"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["LiteLLM \u003c 1.83.10"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","CVE-2026-47102","web-application"],"_cs_type":"advisory","_cs_vendors":["LiteLLM"],"content_html":"\u003cp\u003eLiteLLM versions prior to 1.83.10 are vulnerable to a privilege escalation via the \u003ccode\u003e/user/update\u003c/code\u003e endpoint (CVE-2026-47102). The vulnerability stems from insufficient access controls on the fields that users can modify within their own account profile. While the endpoint correctly restricts users to only updating their own account, it fails to prevent modification of the \u003ccode\u003euser_role\u003c/code\u003e field. By exploiting this flaw, a standard user can elevate their privileges to \u003ccode\u003eproxy_admin\u003c/code\u003e, gaining unrestricted administrative control over LiteLLM, including all users, teams, keys, models, and prompt history. Users with the \u003ccode\u003eorg_admin\u003c/code\u003e role can exploit this vulnerability without chaining any additional flaws, making internal threat actors a significant risk.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the LiteLLM application with standard user credentials.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/user/update\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe HTTP request includes a modified \u003ccode\u003euser_role\u003c/code\u003e field set to \u003ccode\u003eproxy_admin\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted HTTP request to the LiteLLM server.\u003c/li\u003e\n\u003cli\u003eThe LiteLLM server, lacking proper input validation, accepts the modified \u003ccode\u003euser_role\u003c/code\u003e value.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s account is updated with the \u003ccode\u003eproxy_admin\u003c/code\u003e role in the LiteLLM database.\u003c/li\u003e\n\u003cli\u003eThe attacker logs out and logs back in to refresh their permissions.\u003c/li\u003e\n\u003cli\u003eThe attacker, now with \u003ccode\u003eproxy_admin\u003c/code\u003e privileges, can access and control all aspects of the LiteLLM platform.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker to gain full administrative control over the LiteLLM platform. This includes the ability to manage all users, teams, API keys, models, and prompt history. The attacker could potentially exfiltrate sensitive data, modify models, create new administrative accounts, or disrupt the service for all users. The vulnerability poses a significant risk to the confidentiality, integrity, and availability of the LiteLLM platform.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to LiteLLM version 1.83.10 or later to patch CVE-2026-47102.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2026-47102 Exploitation — LiteLLM User Role Update\u0026rdquo; to monitor for malicious attempts to modify the \u003ccode\u003euser_role\u003c/code\u003e field via the \u003ccode\u003e/user/update\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eReview access logs for unusual activity related to the \u003ccode\u003e/user/update\u003c/code\u003e endpoint, specifically focusing on POST requests with modifications to user roles.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-21T21:18:40Z","date_published":"2026-05-21T21:18:40Z","id":"https://feed.craftedsignal.io/briefs/2026-05-litellm-privesc/","summary":"CVE-2026-47102 describes a privilege escalation vulnerability in LiteLLM versions prior to 1.83.10, where the /user/update endpoint allows users to modify their own user_role, potentially escalating their privileges to proxy_admin.","title":"LiteLLM Privilege Escalation via /user/update Endpoint (CVE-2026-47102)","url":"https://feed.craftedsignal.io/briefs/2026-05-litellm-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed — LiteLLM \u003c 1.83.10","version":"https://jsonfeed.org/version/1.1"}