LiteLLM < 1.83.10 — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/products/litellm--1.83.10/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioThu, 21 May 2026 21:18:40 +0000LiteLLM Privilege Escalation via /user/update Endpoint (CVE-2026-47102)https://feed.craftedsignal.io/briefs/2026-05-litellm-privesc/Thu, 21 May 2026 21:18:40 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-05-litellm-privesc/CVE-2026-47102 describes a privilege escalation vulnerability in LiteLLM versions prior to 1.83.10, where the /user/update endpoint allows users to modify their own user_role, potentially escalating their privileges to proxy_admin.LiteLLM versions prior to 1.83.10 are vulnerable to a privilege escalation via the /user/update endpoint (CVE-2026-47102). The vulnerability stems from insufficient access controls on the fields that users can modify within their own account profile. While the endpoint correctly restricts users to only updating their own account, it fails to prevent modification of the user_role field. By exploiting this flaw, a standard user can elevate their privileges to proxy_admin, gaining unrestricted administrative control over LiteLLM, including all users, teams, keys, models, and prompt history. Users with the org_admin role can exploit this vulnerability without chaining any additional flaws, making internal threat actors a significant risk.

Attack Chain

  1. An attacker authenticates to the LiteLLM application with standard user credentials.
  2. The attacker crafts a malicious HTTP request targeting the /user/update endpoint.
  3. The HTTP request includes a modified user_role field set to proxy_admin.
  4. The attacker sends the crafted HTTP request to the LiteLLM server.
  5. The LiteLLM server, lacking proper input validation, accepts the modified user_role value.
  6. The attacker’s account is updated with the proxy_admin role in the LiteLLM database.
  7. The attacker logs out and logs back in to refresh their permissions.
  8. The attacker, now with proxy_admin privileges, can access and control all aspects of the LiteLLM platform.

Impact

Successful exploitation of this vulnerability allows an attacker to gain full administrative control over the LiteLLM platform. This includes the ability to manage all users, teams, API keys, models, and prompt history. The attacker could potentially exfiltrate sensitive data, modify models, create new administrative accounts, or disrupt the service for all users. The vulnerability poses a significant risk to the confidentiality, integrity, and availability of the LiteLLM platform.

Recommendation

  • Upgrade to LiteLLM version 1.83.10 or later to patch CVE-2026-47102.
  • Deploy the Sigma rule “Detect CVE-2026-47102 Exploitation — LiteLLM User Role Update” to monitor for malicious attempts to modify the user_role field via the /user/update endpoint.
  • Review access logs for unusual activity related to the /user/update endpoint, specifically focusing on POST requests with modifications to user roles.
]]>highadvisoryprivilege-escalationCVE-2026-47102web-application