The Hacker News, 2 min read

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Obsidian Security researchers disclosed a chain of three vulnerabilities in LiteLLM, an open-source AI gateway, that allows low-privilege users to gain full administrative control and execute code on the server. LiteLLM acts as a proxy for over 100 model providers, presenting a unified OpenAI-compatible interface.

Exploiting the chain, starting from a default low-privilege account, can lead to a complete server takeover. Such a compromise exposes every provider key stored by the gateway: the secrets the gateway uses to authenticate with the various AI model services behind it.

The researchers detailed their findings in a report, highlighting the critical security implications for organizations that rely on LiteLLM to manage their AI model integrations. The vulnerabilities were identified and analyzed by Obsidian Security's threat research team, who then reported them to the LiteLLM maintainers. The potential impact includes unauthorized access to sensitive API keys, which could be used for malicious purposes such as making fraudulent API calls or accessing proprietary AI models.
