{
  "threat_severity" : "Important",
  "public_date" : "2026-04-06T16:47:02Z",
  "bugzilla" : {
    "description" : "litellm: LiteLLM: Authentication bypass and privilege escalation via OIDC userinfo cache key collision",
    "id" : "2455509",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2455509"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-222",
  "details" : [ "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:20] as the cache key. JWT headers produced by the same signing algorithm generate identical first 20 characters. This configuration option is not enabled by default. Most instances are not affected. An unauthenticated attacker can craft a token whose first 20 characters match a legitimate user's cached token. On cache hit, the attacker inherits the legitimate user's identity and permissions. This affects deployments with JWT/OIDC authentication enabled. Fixed in v1.83.0.", "A flaw was found in LiteLLM, a proxy server for Large Language Model (LLM) APIs. When JSON Web Token (JWT) authentication is enabled, the OIDC user information cache uses a truncated portion of the token as a cache key. An unauthenticated attacker can exploit this by crafting a JWT with the same initial characters as a legitimate user's cached token. This allows the attacker to bypass authentication and inherit the legitimate user's identity and permissions, potentially leading to unauthorized access and privilege escalation." ],
  "statement" : "This is an Important flaw in LiteLLM that enables authentication bypass and privilege escalation. The vulnerability is present only when JWT authentication is explicitly enabled, as this configuration is not active by default. Red Hat Ansible Automation Platform, Lightspeed Core, Red Hat OpenShift AI, and Ansible Services are affected if configured with JWT authentication.",
  "affected_release" : [ {
    "product_name" : "Red Hat Ansible Automation Platform 2.6",
    "release_date" : "2026-05-04T00:00:00Z",
    "advisory" : "RHSA-2026:13545",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
    "package" : "ansible-automation-platform-26/lightspeed-chatbot-rhel9:1777398576"
  } ],
  "package_state" : [ {
    "product_name" : "Lightspeed Core",
    "fix_state" : "Affected",
    "package_name" : "redhat-user-workloads/lightspeed-stack",
    "cpe" : "cpe:/a:redhat:lightspeed_core"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-llama-stack-core-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-mlflow-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-35030\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-35030\nhttps://github.com/BerriAI/litellm/security/advisories/GHSA-jjhc-v7c2-5hh6" ],
  "name" : "CVE-2026-35030",
  "mitigation" : {
    "value" : "To mitigate this issue, ensure that JWT authentication is not enabled in LiteLLM configurations. The vulnerability only manifests when `enable_jwt_auth` is set to `true`. If JWT authentication is not strictly required, disable it to prevent potential authentication bypass and privilege escalation. If this configuration is changed, a restart of the LiteLLM service may be required for the changes to take effect.",
    "lang" : "en:us"
  },
  "csaw" : false
}