CVE-2026-12771 | BerriAI litellm up to 1.82.2 M2M JWT user_api_key_auth.py improper authorization
A vulnerability classified as critical was found in BerriAI litellm up to 1.82.2. It affects an unknown function in the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. The manipulation leads to improper authorization.
This vulnerability is uniquely identified as CVE-2026-12771. The attack can be launched remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure.