BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.

Basic Information

ID CVE-2026-12774

Source VulDB

Published Jun 21, 2026 at 03:45

Affected Product

Vendor BerriAI

Product litellm

Version 1.82.0

Affected Versions BerriAI litellm 1.82.0
BerriAI litellm 1.82.1
BerriAI litellm 1.82.2

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.",
    "published": "2026-06-21T03:45:06.835Z",
    "modified": "2026-06-21T03:45:06.835Z",
    "type": "cve",
    "title": "BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/372516\nhttps://vuldb.com/vuln/372516/cti\nhttps://vuldb.com/cve/CVE-2026-12774\nhttps://vuldb.com/submit/811285\nhttps://gist.github.com/YLChen-007/256c8ff0750e298f89b6b287c90c2981",
    "id": "CVE-2026-12774",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "BerriAI litellm 1.82.0\nBerriAI litellm 1.82.1\nBerriAI litellm 1.82.2",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "litellm",
    "version": "1.82.0",
    "vendor": "BerriAI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery_CVE-2026-12774