Bug 2498192 (CVE-2026-59819)

Summary: CVE-2026-59819 litellm: LiteLLM: Information disclosure via local file read in test connection endpoint
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: anpicker, aruklets, bbrownin, bparees, doconnor, dschmidt, ebourniv, hasun, ilpinto, jfula, jlanda, jowilson, jwong, kshier, lgallett, ltomasbo, nyancey, omaciel, ometelka, ptisnovs, sbunciak, simaishi, stcannon, syedriko, teagle, ttakamiy, xdharmai, yguenane, ykashtan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in LiteLLM, a proxy server for Large Language Model (LLM) APIs. A privileged caller, such as a proxy administrator, with permissions to test model connections, could exploit the /health/test_connection endpoint. By supplying specific environment or OIDC (OpenID Connect) file references, an attacker could read arbitrary files from the local filesystem. This unauthorized file access could lead to information disclosure.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-07-08 20:01:27 UTC
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.10-stable, LiteLLM's /health/test_connection endpoint resolved request-supplied environment and OIDC file references in litellm_params, allowing a proxy administrator or another privileged caller with permission to test model connections to read files from the local filesystem via an oidc/file/ reference. This issue is fixed in version 1.83.10-stable.