New LiteLLM Bug Exploited Hours After Disclosure

A newly disclosed LiteLLM security flaw has already been targeted by attackers just hours after its public release. The vulnerability enables unauthorized individuals to access sensitive data stored in a LiteLLM proxy’s database, and in some cases, even alter that information.

Security researchers identified the bug as a critical issue affecting the popular open-source tool, which is widely used to manage and proxy requests to various large language models. The flaw allows malicious actors to bypass authentication controls and directly query the proxy’s backend database, exposing potentially confidential API keys, user data, and model configurations.

The rapid exploitation of this LiteLLM vulnerability underscores the growing threat landscape for AI infrastructure components. As organizations increasingly rely on such proxy solutions to secure and streamline their LLM interactions, any weakness in these tools can have cascading security implications. The attack pattern suggests that threat actors are actively monitoring disclosure channels for high-value targets.

Administrators using LiteLLM are strongly urged to apply the available patch immediately. The update addresses the underlying database access control issue that made the proxy susceptible to both data theft and modification. Without this fix, attackers could not only steal credentials but also corrupt the proxy’s operational data, potentially leading to service disruptions or further compromise.