CVE-2026-12773 | BerriAI litellm up to 1.59.8 MCP Proxy user_api_key_auth_mcp.py UserAPIKeyAuth improper authentication

A vulnerability, which was classified as critical, was found in BerriAI litellm up to 1.59.8. Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy. Executing a manipulation can lead to improper authentication.

The identification of this vulnerability is CVE-2026-12773. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure.VulDB Recent EntriesRead More