CVE-2026-59820 in LiteLLMinfo

Summary

by MITRE • 07/08/2026

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.7-stable, LiteLLM Skills archive extraction did not sufficiently validate file paths from uploaded skill ZIP archives, allowing an authenticated user with access to LiteLLM LLM API routes or a key whose allowed_routes includes /v1/skills, anthropic_routes, or llm_api_routes to upload a crafted skill archive containing path traversal entries that could be written outside the intended extraction or staging directory. This issue is fixed in version 1.83.7-stable.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/08/2026

The vulnerability in LiteLLM represents a critical path traversal flaw that undermines the security boundaries of the AI gateway system. This weakness affects versions prior to 1.83.7-stable and specifically targets the Skills archive extraction functionality within the proxy server architecture. The issue stems from insufficient validation of file paths during ZIP archive processing, creating an avenue for malicious actors to manipulate the extraction process and write files to unintended locations outside the designated staging directories.

The technical implementation of this vulnerability occurs when authenticated users upload crafted skill archives containing path traversal sequences such as ../ or ..\ in their file paths. These malicious entries bypass proper validation checks that should restrict file extraction to predefined directories, allowing attackers to traverse the filesystem hierarchy and potentially overwrite critical system files or place malicious content in sensitive locations. The vulnerability specifically impacts routes including /v1/skills, anthropic_routes, and llm_api_routes where skill archives are processed.

From an operational perspective, this vulnerability creates significant risk for organizations relying on LiteLLM as their AI gateway solution. An authenticated attacker with access to any of the affected API routes can escalate privileges and potentially compromise the entire system through file system manipulation. The impact extends beyond simple data exposure to include potential code execution, service disruption, and persistence mechanisms within the target environment. This weakness particularly affects cloud-based deployments where LiteLLM serves as a central gateway for multiple AI services.

The vulnerability aligns with CWE-22 Path Traversal and follows patterns consistent with ATT&CK technique T1059 Command and Scripting Interpreter when attackers leverage such path traversal to establish persistence or execute malicious code. Organizations using LiteLLM should immediately implement the remediation provided in version 1.83.7-stable which includes enhanced path validation and proper sanitization of file paths during ZIP archive extraction. Additional mitigations include implementing strict access controls, monitoring skill upload activities, and conducting regular security assessments of API endpoints that handle user-provided archives to prevent similar vulnerabilities in other components of the AI infrastructure stack.

Responsible

GitHub M

Reservation

07/07/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!