LiteLLM Vulnerability Chain Allows Low-Privilege Users to Take Over AI Gateway Servers
Severity: CRITICAL
Researchers at Obsidian Security disclosed a critical vulnerability chain in LiteLLM, a widely deployed open-source AI gateway. By chaining three flaws, an attacker holding a default low-privilege account can escalate to full administrative privileges and execute arbitrary code on the server. A server takeover exposes all API keys for over 100 AI model providers, posing a significant risk to organizations using LiteLLM to broker AI calls.
Source: The Hacker News