LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed. LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one OpenAI-compatible interface. A server takeover exposes every provider key it holds, the secrets that