BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.

Basic Information

ID CVE-2026-12795

Source VulDB

Published Jun 21, 2026 at 08:30

Affected Product

Vendor BerriAI

Product litellm

Version 1.82.0

Affected Versions BerriAI litellm 1.82.0
BerriAI litellm 1.82.1
BerriAI litellm 1.82.2

CWE Classification

CWE-306 CWE-287

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.",
    "published": "2026-06-21T08:30:07.820Z",
    "modified": "2026-06-21T08:30:07.820Z",
    "type": "cve",
    "title": "BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/372557\nhttps://vuldb.com/vuln/372557/cti\nhttps://vuldb.com/cve/CVE-2026-12795\nhttps://vuldb.com/submit/811286\nhttps://gist.github.com/YLChen-007/9b13c75a3a73187a4082cc6df0b100d3",
    "id": "CVE-2026-12795",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "BerriAI litellm 1.82.0\nBerriAI litellm 1.82.1\nBerriAI litellm 1.82.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "litellm",
    "version": "1.82.0",
    "vendor": "BerriAI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication_CVE-2026-12795