CVE-2026-12774 | BerriAI litellm up to 1.82.2 MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery
A vulnerability classified as critical has been found in BerriAI litellm up to 1.82.2. It affects the function _execute_with_mcp_client in the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery.
This vulnerability is referenced as CVE-2026-12774. The attack can be carried out remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure.