Submit #811288: litellm <= 1.82.5 Incorrect Authorization (CWE-863)info

Titellitellm <= 1.82.5 Incorrect Authorization (CWE-863)
Beschreibung# Technical Details A Security Control Bypass vulnerability exists in the `async_pre_call_hook` methods within `enterprise/enterprise_hooks/banned_keywords.py` and `litellm/proxy/hooks/azure_content_safety.py` of litellm. The application fails to engage content safety guardrails during API invocations generated from standard HTTP completions because the callbacks expect HTTP string states differing from internally formatted async routing definitions. # Vulnerable Code File: `enterprise/enterprise_hooks/banned_keywords.py`, `litellm/proxy/hooks/azure_content_safety.py` Method: `async_pre_call_hook` Why: Normal HTTP completions (`/v1/chat/completions`) trigger the guardrails pipeline providing `call_type = "acompletion"`. The affected hooks attempt to assert `if call_type == "completion"`, meaning the logic condition evaluates consistently to `False`. The hooks immediately exit without triggering any scanning layers. # Reproduction 1. Compile `litellm` integrating the `banned_keywords` security hook parameter array and supply a bad keyword list (`["bannedword"]`). 2. Send a POST request to the completions interface submitting `"bannedword"` in the prompt parameters (`curl -X POST http://localhost:4000/v1/chat/completions -d '{"messages":[{"content":"bannedword test"}]}'`). 3. Note the request proxying completely unobstructed directly back from the backend LLM due to the bypassed hook filtering. # Impact - Enterprise Banned Keyword rules and Content Filtering routines via Azure are rendered totally inert and easily evaded, destroying the baseline security posture of proxied model communications.
Quelle⚠️ https://gist.github.com/YLChen-007/078179224f07cc4e39e4f141a18c817a
Benutzer
 Eric-c (UID 96848)
Einreichung23.04.2026 10:08 (vor 2 Monaten)
Moderieren20.06.2026 19:12 (2 months later)
StatusAkzeptiert
VulDB Eintrag372559 [BerriAI litellm bis 1.82.5 Completions Interface banned_keywords.py async_pre_call_hook prompt erweiterte Rechte]
Punkte20

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!