🚨 CRITICAL: CVE-2026-35030 - LiteLLM Authentication Bypass via OIDC Cache Collision
Severity: CRITICAL
GHSA: GHSA-jjhc-v7c2-5hh6
CVE: CVE-2026-35030
Affected Package: litellm
Impact: Authentication Bypass
Description
Authentication bypass vulnerability in LiteLLM through OIDC userinfo cache key collision. This allows attackers to potentially access unauthorized resources by exploiting how cached user information is keyed and retrieved.
Impact Details
- Authentication Bypass: Users may gain access to systems/resources without proper authentication
- Cache Key Collision: Improper caching mechanism enables identity confusion attacks
- Affected Files: 8 files in the repository
Potential Attack Scenarios
- Attacker triggers cache collision to impersonate another user
- Unauthorized access to protected API endpoints
- Privilege escalation through cached credentials
Remediation Steps
- Update
litellm package to the patched version per GHSA-jjhc-v7c2-5hh6
- Review and fix OIDC cache key generation logic
- Implement proper cache isolation between different users/sessions
- Audit authentication flows for similar cache-related vulnerabilities
References
Priority
IMMEDIATE ACTION REQUIRED - Authentication bypass vulnerabilities are among the most severe security issues.
Automated security scan detected this critical vulnerability. Please prioritize remediation.
🚨 CRITICAL: CVE-2026-35030 - LiteLLM Authentication Bypass via OIDC Cache Collision
Severity: CRITICAL
GHSA: GHSA-jjhc-v7c2-5hh6
CVE: CVE-2026-35030
Affected Package: litellm
Impact: Authentication Bypass
Description
Authentication bypass vulnerability in LiteLLM through OIDC userinfo cache key collision. This allows attackers to potentially access unauthorized resources by exploiting how cached user information is keyed and retrieved.
Impact Details
Potential Attack Scenarios
Remediation Steps
litellmpackage to the patched version per GHSA-jjhc-v7c2-5hh6References
Priority
IMMEDIATE ACTION REQUIRED - Authentication bypass vulnerabilities are among the most severe security issues.
Automated security scan detected this critical vulnerability. Please prioritize remediation.