A significant security flaw has been identified in LiteLLM, a widely used proxy for managing large language model (LLM) APIs. The vulnerability, tracked as CVE-2026-49468, permits attackers to circumvent authentication by exploiting improper Host header processing.
Underlying Issues in LiteLLM
Affecting versions prior to 1.84.0, the vulnerability is deemed critical. It originates from a flaw in the LiteLLM proxy’s method of determining request routes during authentication checks. The authentication mechanism relies on the request.url.path value formed by the Starlette framework, which reconstructs paths based on the Host header in incoming HTTP requests.
By altering this header, attackers can manipulate the authentication layer into evaluating a different route than the one processed by FastAPI. This discrepancy allows unauthorized access to sensitive management endpoints, posing a severe threat to confidentiality, integrity, and availability.
Impact and Mitigation Strategies
The vulnerability is classified under CWE-290 (Authentication Bypass by Spoofing) and is assigned a high CVSS v4 score. Its network-based attack vector, low attack complexity, and lack of any authentication or user-interaction requirement all raise the risk. However, most deployments remain unaffected if upstream infrastructure validates or normalizes the Host header, such as those behind CDNs, WAFs, or cloud load balancers with host-based routing rules.
LiteLLM Cloud customers are shielded from this issue due to protective controls in the hosted environment. The vulnerability has been rectified in LiteLLM version 1.84.0, and immediate upgrades are recommended. The update requires no configuration changes, easing the remediation process.
Future Outlook and Security Recommendations
Organizations unable to upgrade immediately can implement temporary solutions, such as placing the LiteLLM proxy behind a trusted upstream component that enforces strict Host header validation or restricting network access to the proxy service. This vulnerability was discovered by security experts Le The Thang from KCSC and Kim Ngoc Chung from One Mount Group.
The findings highlight the dangers of improper request parsing in modern API frameworks, especially when relying on manipulable headers. This disclosure emphasizes the necessity of validating input headers and ensuring alignment between routing and authentication layers, particularly in applications managing sensitive AI workloads.
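As an added illustration of the workaround described above (placing the proxy behind an upstream component that enforces strict Host header validation) and of the general point about validating headers before routing and authentication see them, the following Python example implements such a gate and a retrospective scan of access logs. It is example code written for this page, not LiteLLM's, Starlette's or FastAPI's code; the allowlisted host names, request paths and log lines are constructed placeholders.

```python
# Added example (not LiteLLM/Starlette/FastAPI code): strict Host header
# validation for an upstream gateway, plus a scan of constructed access-log
# lines for Host values that the gate would have refused.
import ipaddress
import re
from typing import Iterable, Optional

# RFC 1123 style label: alphanumerics and inner hyphens, 1-63 characters.
_LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

# Placeholder allowlist; a real deployment configures its own names.
ALLOWED_HOSTS = {"proxy.example.internal", "10.0.0.5"}


def parse_host(value: str) -> Optional[tuple[str, Optional[int]]]:
    """Return (host, port) if `value` is a syntactically strict Host value,
    else None. Accepts reg-names, IPv4 and bracketed IPv6, with an optional
    numeric port. Path, userinfo, query, fragment, whitespace and control
    characters are rejected outright rather than normalised away, so the
    value can never be reinterpreted as part of a URL path downstream."""
    if not value or len(value) > 255:
        return None
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return None
    if any(ch in value for ch in "/\\?#@"):
        return None
    value = value.lower()
    port: Optional[int] = None

    if value.startswith("["):                         # IP-literal, e.g. [::1]:4000
        end = value.find("]")
        if end == -1:
            return None
        try:
            host = str(ipaddress.IPv6Address(value[1:end]))
        except ValueError:
            return None
        rest = value[end + 1:]
    else:
        host, sep, rest = value.partition(":")
        rest = ":" + rest if sep else ""
        host = host.rstrip(".")                       # "example.com." == "example.com"
        if not host:
            return None
        try:
            host = str(ipaddress.IPv4Address(host))
        except ValueError:                            # not IPv4, so check as a name
            labels = host.split(".")
            if len(host) > 253 or not all(_LABEL_RE.match(lbl) for lbl in labels):
                return None

    if rest:                                          # optional ":port", digits only
        if not rest.startswith(":") or not rest[1:].isdigit():
            return None
        port = int(rest[1:])
        if not 1 <= port <= 65535:
            return None
    return host, port


def host_allowed(value: str, allowed_hosts: Iterable[str]) -> bool:
    """True only if the value parses strictly and names an allowlisted host."""
    parsed = parse_host(value)
    if parsed is None:
        return False
    allowed = {h.lower().rstrip(".") for h in allowed_hosts}
    return parsed[0] in allowed


def gate(headers: list[tuple[str, str]], allowed_hosts: Iterable[str]) -> tuple[int, str]:
    """Decide before any route matching. Returns (status, reason); 200 means
    the request may be forwarded to the application. Headers are given as a
    list so duplicate Host headers (a classic smuggling shape) are visible."""
    hosts = [v for k, v in headers if k.lower() == "host"]
    if len(hosts) != 1:
        return 400, "missing or duplicate Host header"
    if not host_allowed(hosts[0], allowed_hosts):
        return 421, "Host not in allowlist"
    return 200, "ok"


# Constructed log format: <ts> <client> <method> <path> host="<value>" <status>
_LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) '
    r'host="(?P<host>[^"]*)" (?P<status>\d{3})$'
)

SAMPLE_LOG = [  # constructed sample lines; paths are placeholders
    '2026-01-01T00:00:00Z 10.0.0.7 POST /chat/completions host="proxy.example.internal:4000" 200',
    '2026-01-01T00:00:01Z 10.0.0.7 GET /health host="proxy.example.internal" 200',
    '2026-01-01T00:00:02Z 203.0.113.9 GET /management/example host="not-the-proxy.example" 200',
    '2026-01-01T00:00:03Z 203.0.113.9 GET /management/example host="proxy.example.internal/x" 200',
]


def scan_access_log(lines: Iterable[str], allowed_hosts: Iterable[str]) -> list[tuple[str, str, str, str]]:
    """Return (ts, client, path, host) for requests whose Host value the gate
    would have refused: a way to look back over a period during which the
    proxy ran without upstream Host validation."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if m and not host_allowed(m["host"], allowed_hosts):
            hits.append((m["ts"], m["client"], m["path"], m["host"]))
    return hits


if __name__ == "__main__":
    print(gate([("Host", "proxy.example.internal:4000")], ALLOWED_HOSTS))
    for hit in scan_access_log(SAMPLE_LOG, ALLOWED_HOSTS):
        print("suspicious Host value:", hit)
```

The gate runs ahead of the application, so both the framework router and the authentication layer only ever see requests whose Host is a known, well-formed value; rejecting rather than rewriting malformed values keeps the two layers looking at the same request. The log scanner applies the same predicate to historical traffic, which is the check a team that could not upgrade immediately would want to run.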
In conclusion, the discovery of this LiteLLM vulnerability underscores the importance of robust security measures and proactive mitigation strategies in safeguarding against potential cyber threats.
