Obsidian Security found three chained LiteLLM CVEs that let a default low-privilege user reach admin access and RCE (CVSS 9.9). We also demonstrate how a compromised gateway can inject arbitrary tool calls to further compromise downstream agents like Claude Code. Full breakdown and the fixes.