📄 Description (English)
LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.
🤖 AI Executive Summary
LiteLLM versions prior to 1.83.14 contain a critical privilege escalation vulnerability (CVE-2026-47101) allowing authenticated internal users to create API keys with unauthorized administrative access by bypassing role-based access controls. An attacker with internal_user privileges can escalate to proxy_admin level, gaining full system control. This vulnerability poses significant risk to organizations using LiteLLM for API management and authentication, particularly in financial and government sectors where access control is paramount.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 23, 2026 19:55
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations in banking (SAMA-regulated institutions, major banks), government agencies (NCA, CITC), healthcare systems, and energy sector (ARAMCO) utilizing LiteLLM for API gateway and authentication services face critical risk. The vulnerability enables insider threats and compromised account scenarios to escalate to administrative control, potentially exposing sensitive financial data, government systems, healthcare records, and critical infrastructure. Financial institutions are particularly vulnerable as LiteLLM may be used in payment processing pipelines and API management layers.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare and Medical Services
Energy and Utilities
Telecommunications
Critical Infrastructure
🎯 MITRE ATT&CK Techniques
T1078 - Valid Accounts (internal_user account abuse)
T1548 - Abuse Elevation Control Mechanism (privilege escalation via API key)
T1556 - Modify Authentication Process (API key generation bypass)
T1087 - Account Discovery (identifying admin-only routes)
T1110 - Brute Force (potential enumeration of routes)
T1098 - Account Manipulation (unauthorized API key creation)
T1133 - External Remote Services (API access abuse)
⚖️ Saudi Risk Score (AI)
8.9
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Audit all API keys created in LiteLLM instances to identify keys with elevated permissions created by internal_user accounts
2. Revoke any suspicious API keys with admin-only route access created by non-admin users
3. Review access logs for unauthorized administrative API calls using internal_user-created keys
4. Restrict internal_user account creation and review existing internal_user accounts for compromise indicators
PATCHING:
5. Upgrade LiteLLM to version 1.83.14 or later immediately when available
6. If upgrade is not immediately possible, implement compensating controls
COMPENSATING CONTROLS (if patch unavailable):
7. Implement network-level access controls restricting admin-only routes to specific IP ranges
8. Deploy API gateway WAF rules to block requests to admin routes from non-admin API keys
9. Enable comprehensive API audit logging with real-time alerting on admin route access
10. Implement API key rotation policy with 30-day maximum lifetime
11. Disable API key creation permissions for internal_user role at application level
DETECTION:
12. Monitor for API calls to admin-only routes (e.g., /admin/*, /config/*, /keys/manage) from API keys created by internal_user accounts
13. Alert on any role-based access control bypass attempts
14. Track API key creation events and correlate with subsequent elevated privilege usage
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تدقيق جميع مفاتيح API المنشأة في حالات LiteLLM لتحديد المفاتيح ذات الأذونات المرتفعة التي أنشأتها حسابات internal_user
2. إلغاء أي مفاتيح API مريبة بوصول مسارات خاص بالمسؤول تم إنشاؤها بواسطة مستخدمين غير إداريين
3. مراجعة سجلات الوصول للاتصالات API الإدارية غير المصرح بها باستخدام مفاتيح تم إنشاؤها بواسطة internal_user
4. تقييد إنشاء حسابات internal_user ومراجعة حسابات internal_user الموجودة للكشف عن مؤشرات الاختراق
التصحيح:
5. ترقية LiteLLM إلى الإصدار 1.83.14 أو أحدث فوراً عند توفره
6. إذا لم يكن الترقية ممكنة على الفور، قم بتنفيذ عناصر تحكم تعويضية
عناصر التحكم التعويضية (إذا لم يكن التصحيح متاحاً):
7. تنفيذ عناصر تحكم الوصول على مستوى الشبكة لتقييد المسارات الخاصة بالمسؤول فقط على نطاقات IP محددة
8. نشر قواعد WAF لبوابة API لحظر الطلبات إلى مسارات المسؤول من مفاتيح API غير الإدارية
9. تفعيل تسجيل تدقيق API الشامل مع التنبيهات في الوقت الفعلي على وصول مسار المسؤول
10. تنفيذ سياسة دوران مفتاح API بحد أقصى 30 يوماً
11. تعطيل أذونات إنشاء مفتاح API لدور internal_user على مستوى التطبيق
الكشف:
12. مراقبة استدعاءات API إلى المسارات الخاصة بالمسؤول فقط من مفاتيح API التي أنشأتها حسابات internal_user
13. التنبيه على أي محاولات تجاوز التحكم في الوصول القائمة على الأدوار
14. تتبع أحداث إنشاء مفتاح API والربط مع الاستخدام اللاحق للامتيازات المرتفعة
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.9.2.1 - User access management and role-based access control
ECC 2024 A.9.4.3 - Password management and API key security
ECC 2024 A.8.2.1 - User registration and access rights provisioning
ECC 2024 A.12.4.1 - Event logging and monitoring of access control
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Asset Management and inventory of systems using LiteLLM
SAMA CSF PR.AC-1 - Access Control Policy and role-based access enforcement
SAMA CSF PR.AC-4 - Access Rights and privilege management
SAMA CSF DE.CM-1 - Detection and monitoring of unauthorized access attempts
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access control and privilege management
ISO 27001:2022 A.8.2 - User registration and de-registration
ISO 27001:2022 A.8.3 - User access provisioning and role-based controls
ISO 27001:2022 A.8.4 - Access rights review and revocation
ISO 27001:2022 A.12.4.1 - Event logging and monitoring
🟣 PCI DSS v4.0.1
PCI DSS 7.1 - Limit access to system components by business need-to-know
PCI DSS 7.2 - Establish an access control system for IT assets
PCI DSS 8.2 - Ensure proper user identification and authentication
PCI DSS 10.2 - Implement automated audit trails for access to cardholder data
🔗 References & Sources 7
🔗
https://gist.github.com/13ph03nix/9ec616e1fdc77b3673509c60206e827f
disclosure@vulncheck.com
Exploit
Mitigation
Third Party Advisory
🔗
https://github.com/BerriAI/litellm/commit/2220f3076ac89bd2a2e3439acf57dcfbec2434c9
disclosure@vulncheck.com
Patch
🔗
https://github.com/BerriAI/litellm/commit/5190bd07eb23a037745d86328096f54378f1614a
disclosure@vulncheck.com
Patch
🔗
https://github.com/BerriAI/litellm/commit/d910a95661fce3cdd36f3b06c03ecf9c46c6457c
disclosure@vulncheck.com
Patch
🔗
https://github.com/BerriAI/litellm/releases/tag/v1.83.14-stable
disclosure@vulncheck.com
Release Notes
🔗
https://huntr.com/bounties/8e75edfb-ff05-4e63-bfca-2d93d03fb3b9
disclosure@vulncheck.com
Exploit
Third Party Advisory
🔗
https://www.vulncheck.com/advisories/litellm-privilege-escalation-via-api-key-generation
disclosure@vulncheck.com
Third Party Advisory
📦 Affected Products / CPE 1 entries
litellm:litellm