CVE-2026-40217
EUVD-2026-2137610.04.2026, 14:16
LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| litellm | litellm | 𝑥 ≤ 2026-04-08 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-420 - Unprotected Alternate ChannelThe software protects a primary channel, but it does not use the same level of protection for an alternate channel.
- CWE-94 - Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
References