Submit #811288: litellm <= 1.82.5 Incorrect Authorization (CWE-863)

Title: litellm <= 1.82.5 Incorrect Authorization (CWE-863)
Description:

# Technical Details

A Security Control Bypass vulnerability exists in the `async_pre_call_hook` methods in `enterprise/enterprise_hooks/banned_keywords.py` and `litellm/proxy/hooks/azure_content_safety.py` of litellm. Content safety guardrails are never engaged for requests arriving through the standard HTTP completions endpoint, because the hooks compare `call_type` against a string that differs from the value the proxy's async routing path actually passes.

# Vulnerable Code

File: `enterprise/enterprise_hooks/banned_keywords.py`, `litellm/proxy/hooks/azure_content_safety.py`

Method: `async_pre_call_hook`

Why: A normal HTTP completion (`/v1/chat/completions`) enters the guardrails pipeline with `call_type = "acompletion"`. The affected hooks check `if call_type == "completion"`, so the condition always evaluates to `False` and the hooks return immediately without running any scanning logic.

# Reproduction

1. Configure `litellm` with the `banned_keywords` security hook and supply a banned keyword list (`["bannedword"]`).
2. Send a POST request to the completions interface with `"bannedword"` in the prompt (`curl -X POST http://localhost:4000/v1/chat/completions -d '{"messages":[{"content":"bannedword test"}]}'`).
3. Observe that the request is proxied to the backend LLM and its response returned completely unobstructed, because the hook's filtering was bypassed.

# Impact

- Enterprise Banned Keyword rules and Azure Content Filtering are rendered entirely inert and easily evaded, undermining the baseline security posture of proxied model traffic.
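To make the `call_type` mismatch concrete, here is an added illustration that is not litellm's own code: the `KeywordGuard` class and `check_request` helper are hypothetical names, the vulnerable instance reproduces the `call_type == "completion"` check, and the hardened instance also accepts the `"acompletion"` value the proxy actually passes.

```python
import asyncio
from typing import Optional

# Constructed sample configuration mirroring the report's banned keyword list.
BANNED_KEYWORDS = ["bannedword"]


def _prompt_text(data: dict) -> str:
    """Flatten the chat messages of a request body into one searchable string."""
    return " ".join(str(m.get("content", "")) for m in data.get("messages", []))


class KeywordGuard:
    """Minimal stand-in for a litellm pre-call hook (hypothetical, not the real class).

    `scanned_call_types` is the set of call_type values the hook treats as
    prompts worth scanning; the real hooks hard-code a single string.
    """

    def __init__(self, banned: list, scanned_call_types: set):
        self.banned = banned
        self.scanned_call_types = scanned_call_types

    async def async_pre_call_hook(self, data: dict, call_type: str) -> Optional[str]:
        # Returns a rejection message, or None to let the request through.
        if call_type not in self.scanned_call_types:
            return None  # the report's bypass: "acompletion" falls out here
        text = _prompt_text(data)
        for keyword in self.banned:
            if keyword in text:
                return f"Keyword banned: {keyword}"
        return None


# Vulnerable configuration: equivalent to the `if call_type == "completion"` check.
VULNERABLE = KeywordGuard(BANNED_KEYWORDS, {"completion"})
# Hardened configuration: also recognises the async name used by /v1/chat/completions.
HARDENED = KeywordGuard(BANNED_KEYWORDS, {"completion", "acompletion"})


def check_request(guard: KeywordGuard, body: dict, call_type: str = "acompletion") -> Optional[str]:
    """Run the hook the way the proxy does for a chat completion (call_type="acompletion")."""
    return asyncio.run(guard.async_pre_call_hook(body, call_type))


if __name__ == "__main__":
    # Constructed request body mirroring the report's reproduction step.
    body = {"messages": [{"role": "user", "content": "bannedword test"}]}
    print("vulnerable:", check_request(VULNERABLE, body))  # None: request passes unscanned
    print("hardened:  ", check_request(HARDENED, body))    # Keyword banned: bannedword
```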
Source: https://gist.github.com/YLChen-007/078179224f07cc4e39e4f141a18c817a
User: Eric-c (UID 96848)
Submission: 04/23/2026 10:08 (2 months ago)
Moderation: 06/20/2026 19:12 (2 months later)
Status: Accepted
VulDB entry: 372559 [BerriAI litellm up to 1.82.5 Completions Interface banned_keywords.py async_pre_call_hook prompt authorization]
Points: 20
