The bottom line: A chain of three vulnerabilities in LiteLLM enables proxy server takeover and access to all managed API keys for more than 100 AI model providers.
Researchers at Obsidian Security have discovered a chain of three security flaws in LiteLLM that allows a standard low-privilege user to gain administrator rights and execute code on the gateway server.
LiteLLM is a widely used open-source AI gateway that mediates calls to more than 100 model providers behind an OpenAI-compatible interface. The system is frequently deployed in enterprise environments to centralize the integration of various AI models.
The vulnerability chain disclosed by Obsidian Security allows an attacker with standard user rights to escalate to administrator privileges and execute arbitrary code on the server. A successful server takeover would expose every API key stored in the gateway, giving attackers authentication credentials for over 100 model providers.
For CTOs, the vulnerability chain is critical because it not only represents the direct loss of all managed AI model credentials, but also compromises control over the central gateway. This would allow attackers to manipulate requests, bypass monitoring, or compromise further systems on the network.
Source: thehackernews.com · Published 15 June 2026
Lumi AI News — AI-assisted curation per Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.