
Critical Vulnerability Chain in LiteLLM Allows Full Server Takeover
Tags: AI Security, Vulnerabilities, Privilege Escalation, Open-Source Risks
Researchers at Obsidian Security disclosed a vulnerability chain in LiteLLM, an open-source AI gateway that brokers calls to more than 100 model providers behind a single OpenAI-compatible interface. The chain links three vulnerabilities through which a default low-privilege account on a LiteLLM proxy can escalate to full admin privileges and then execute code on the server. Because the proxy holds the credentials for every upstream provider it fronts, a successful server takeover exposes all of those provider keys. LiteLLM is described as widely deployed in production environments.