BerriAI LiteLLM Improper-Authorisation CVEs Expand AI Gateway Patch Checks
Today adds two newly disclosed LiteLLM improper-authorisation CVEs to the AI gateway owner queue: CVE-2026-12770 and CVE-2026-12771. The LiteLLM stack was last covered on 9 June 2026 (CVE-2026-42271).
The update is scoped. The available evidence records two additional LiteLLM CVEs published on 21 June 2026, plus a public BerriAI pull request that gives owners a patch-validation anchor for CVE-2026-12770. The collected material did not confirm active exploitation, a primary vendor advisory, or a broader incident pattern.
CVE-2026-12770 is tied to the LiteLLM Admin Key Handler, with versions at or below 1.63.1 listed for owner review. CVE-2026-12771 is tied to the M2M JWT Handler, with versions at or below 1.82.2 listed for owner review. Teams running LiteLLM as a shared proxy should treat this as an access-control validation task, especially where admin routes, machine-to-machine tokens, or shared AI gateway paths are exposed.
Sources: Tenable CVE-2026-12770; Tenable CVE-2026-12771; BerriAI GitHub pull request 23781. https://www.tenable.com/cve/CVE-2026-12770 ; https://www.tenable.com/cve/CVE-2026-12771 ; https://github.com/BerriAI/litellm/pull/23781
Why This Matters
LiteLLM often sits between internal users, applications, models, and API keys. That makes authorisation mistakes more than a local service bug. A weak admin-key or M2M/JWT boundary can turn a convenience layer into a control point for misuse.
The risk is not proven exploitation today. The practical issue is ownership. AI gateway deployments can fall between application, platform, and security teams, so version checks and route exposure reviews may not already be in a standard vulnerability queue.
Recommended Actions
- Identify LiteLLM proxy deployments, including shared AI gateways and developer-run instances.
- Check versions against the affected ranges for CVE-2026-12770 and CVE-2026-12771.
- Review exposure of admin-key handling and M2M/JWT paths, especially where the proxy is internet-reachable or shared across teams.
- Track the BerriAI pull request as a patch-validation reference for CVE-2026-12770 and keep both CVE links attached to owner tickets.
- Keep the confidence label visible until a primary vendor advisory, exploit signal, or stronger corroborating source appears.
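A version triage check for the two affected ranges above, as an added example (not BerriAI's or a13e's code): it applies the page's inclusive ceilings (1.63.1 for CVE-2026-12770, 1.82.2 for CVE-2026-12771) to an inventory of LiteLLM proxy deployments and flags rows whose version cannot be parsed rather than letting them pass as clean. The inventory format, deployment names and version strings are constructed sample data; the handling of a leading 'v' and pre-release suffixes is an assumption, not a documented LiteLLM version format.

```python
import re
from typing import Dict, List, Tuple

# Inclusive ceilings as stated on the page ("at or below").
AFFECTED_CEILINGS: Dict[str, Tuple[int, int, int]] = {
    "CVE-2026-12770": (1, 63, 1),  # Admin Key Handler
    "CVE-2026-12771": (1, 82, 2),  # M2M JWT Handler
}
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")

def parse_version(raw: str) -> Tuple[int, int, int]:
    """(major, minor, patch) from a version string. Accepts a leading 'v' and
    ignores any suffix after the patch number (assumed pre-release/build tag),
    so '1.63.1-stable' compares as 1.63.1. Raises ValueError on junk input."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)

def applicable_cves(version: str) -> List[str]:
    """CVE ids from the page whose affected range includes this version."""
    v = parse_version(version)
    return [cve for cve, ceiling in AFFECTED_CEILINGS.items() if v <= ceiling]

def triage(inventory: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """{deployment: [CVE ids]} for affected rows; unparseable rows are flagged."""
    report: Dict[str, List[str]] = {}
    for name, version in inventory:
        try:
            hits = applicable_cves(version)
        except ValueError:
            report[name] = ["UNPARSEABLE-VERSION"]  # surface for manual review
            continue
        if hits:
            report[name] = hits
    return report

# Constructed sample inventory; names and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("shared-ai-gateway", "1.63.1"),     # both CVEs (ceiling is inclusive)
    ("team-b-proxy", "v1.70.0-stable"),  # only CVE-2026-12771
    ("dev-sandbox", "1.82.3"),           # above both ceilings: not listed
    ("legacy-node", "unknown"),          # flagged for manual review
]

if __name__ == "__main__":
    for name, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(cves)}")
```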
All findings grounded in a13e intelligence sweeps through 04:55 UTC 22 June 2026.
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys CVE-2026-4020
Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers t
Sources: https://thehackernews.com/2026/06/hackers-exploit-gravity-smtp-wordpress.html
CISA: Splunk Enterprise flaw actively exploited, patch by Sunday
CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. [...]
Sources: https://www.bleepingcomputer.com/news/security/cisa-splunk-enterprise-flaw-actively-exploited-patch-by-sunday/
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone CVE-2025-20701
Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701 (CVSS score: 8.8), refers to a case of incorrect authorization impacting the Airoha Bluetooth
Sources: https://thehackernews.com/2026/06/apple-patches-beats-studio-buds-flaw.html