BerriAI LiteLLM Command Injection Vulnerability
Vendor: BerriAI
Product: LiteLLM
Added: 2026-06-08
Due Date: 2026-06-22
Description:
BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.
Required Action:
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CWEs: