{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12774", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-06-20T09:26:29.098Z", "datePublished": "2026-06-21T03:45:06.835Z", "dateUpdated": "2026-06-22T10:57:42.425Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-21T03:45:06.835Z"}, "title": "BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-918", "lang": "en", "description": "Server-Side Request Forgery"}]}], "affected": [{"vendor": "BerriAI", "product": "litellm", "versions": [{"version": "1.82.0", "status": "affected"}, {"version": "1.82.1", "status": "affected"}, {"version": "1.82.2", "status": "affected"}], "cpes": ["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"], "modules": ["MCP Server Connection Testing"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-06-20T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-06-20T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-06-20T11:31:45.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-c (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB CNA Team", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/vuln/372516", "name": "VDB-372516 | BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/372516/cti", "name": "VDB-372516 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-12774", "name": "CVE-2026-12774 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/811285", "name": "Submit #811285 | litellm <= 1.82.2 Server-Side Request Forgery (SSRF) (CWE-918)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/256c8ff0750e298f89b6b287c90c2981", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-22T10:57:26.092177Z", "id": "CVE-2026-12774", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T10:57:42.425Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-c (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB CNA Team"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:litellm:litellm:*:*:*:*:*:*:*:*"], "vendor": "BerriAI", "modules": ["MCP Server Connection Testing"], "product": "litellm", "versions": [{"status": "affected", "version": "1.82.0"}, {"status": "affected", "version": "1.82.1"}, {"status": "affected", "version": "1.82.2"}]}], "timeline": [{"lang": "en", "time": "2026-06-20T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-06-20T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-06-20T11:31:45.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/372516", "name": "VDB-372516 | BerriAI litellm MCP Server Connection Testing rest_endpoints.py _execute_with_mcp_client server-side request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/372516/cti", "name": "VDB-372516 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/cve/CVE-2026-12774", "name": "CVE-2026-12774 | CVE Analysis and Report", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/submit/811285", "name": "Submit #811285 | litellm <= 1.82.2 Server-Side Request Forgery (SSRF) (CWE-918)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/256c8ff0750e298f89b6b287c90c2981", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "Server-Side Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-06-21T03:45:06.835Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-12774", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-22T10:57:26.092177Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-06-22T10:57:38.583Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-12774", "state": "PUBLISHED", "dateUpdated": "2026-06-21T03:45:06.835Z", "dateReserved": "2026-06-20T09:26:29.098Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-06-21T03:45:06.835Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "litellm: BerriAI litellm: Server-Side Request Forgery in MCP Server Connection Testing", "id": "2491113", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491113"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-918", "details": ["A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function _execute_with_mcp_client of the file litellm/proxy/_experimental/mcp_server/rest_endpoints.py of the component MCP Server Connection Testing. The manipulation leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.", "A flaw was found in BerriAI litellm. A remote attacker could exploit a Server-Side Request Forgery (SSRF) vulnerability in the MCP Server Connection Testing component. This flaw, specifically within the _execute_with_mcp_client function, allows an attacker to trick the server into making unauthorized requests to internal or external resources, potentially leading to information disclosure or access to restricted services."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-12774", "package_state": [{"cpe": "cpe:/a:redhat:exploit_intelligence:0", "fix_state": "Fix deferred", "package_name": "exploit-intelligence-tech-preview/vulnerability-analysis-rhel9", "product_name": "Exploit Intelligence"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-26/lightspeed-chatbot-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-27/lightspeed-chatbot-rhel9", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-llama-stack-core-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-mlflow-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-trustyai-garak-lls-provider-dsp-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}], "public_date": "2026-06-21T03:45:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-12774\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-12774\nhttps://gist.github.com/YLChen-007/256c8ff0750e298f89b6b287c90c2981\nhttps://vuldb.com/cve/CVE-2026-12774\nhttps://vuldb.com/submit/811285\nhttps://vuldb.com/vuln/372516\nhttps://vuldb.com/vuln/372516/cti"], "statement": "This Moderate impact Server-Side Request Forgery (SSRF) vulnerability in BerriAI litellm's MCP Server Connection Testing component allows a remote attacker with low privileges to induce the server to make unauthorized requests. This could lead to information disclosure or access to internal or external resources, affecting Red Hat OpenShift AI and Red Hat Ansible Automation Platform deployments where the vulnerable component is utilized.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.82.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.82.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.82.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "litellm", "source": "cna", "vendor": "BerriAI"}, "product": "litellm", "vendor": "berriai"}, {"configurations": [{"platform": ["*"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "litellm", "vendor": "litellm"}], "created": "2026-06-21T09:30:09.167420+00:00", "updated": "2026-06-21T11:15:04.151705+00:00", "vendors": ["berriai", "berriai$PRODUCT$litellm", "litellm", "litellm$PRODUCT$litellm"]}