Bug 2491144 (CVE-2026-12798)

Summary: CVE-2026-12798 litellm: BerriAI litellm: Server-Side Request Forgery via spec_path argument manipulation
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: dschmidt, erezende, ilpinto, jkoehler, jlanda, jwong, kshier, lphiri, ltomasbo, omaciel, simaishi, smcdonal, stcannon, teagle, ttakamiy, yguenane, ykashtan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in BerriAI litellm. This vulnerability allows a remote attacker to perform a Server-Side Request Forgery (SSRF) by manipulating a specific argument, spec_path, in the load_openapi_spec_async function. This manipulation can force the server to make unauthorized requests to internal or external resources, potentially leading to the disclosure of sensitive information or access to restricted systems.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-06-21 11:01:26 UTC
A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI Spec Loader. This manipulation of the argument spec_path causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure.