=====================================================================
          CERT-Renater Note d'Information No. 2026/VULN489
_____________________________________________________________________
DATE                 : 13/05/2026
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running litellm (pip) versions prior to 1.83.10.
=====================================================================

https://github.com/BerriAI/litellm/security/advisories/GHSA-wxxx-gvqv-xp7p
_____________________________________________________________________

Sandbox escape in custom-code guardrail
Severity: High
jaydns published GHSA-wxxx-gvqv-xp7p on May 7, 2026

Package           : litellm (pip)
Affected versions : >= 1.81.8, < 1.83.10
Patched versions  : >= 1.83.10

Description

Impact

The POST /guardrails/test_custom_code endpoint runs user-supplied Python inside a hand-rolled sandbox. The sandbox can be escaped using bytecode-level techniques, allowing arbitrary code execution in the proxy process, which runs as root in the default Docker image. Reaching the endpoint requires a proxy-admin credential in default configurations.

Patches

Fixed in 1.83.11. The hand-rolled sandbox has been replaced with RestrictedPython. Upgrade to 1.83.11 or later.

Workarounds

If upgrading is not immediately possible, block POST /guardrails/test_custom_code at your reverse proxy or API gateway.
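The version range and the workaround above lend themselves to two quick operator-side checks. The script below is an added example, not part of the advisory or of litellm: it tests a version string against the affected range stated above and flags POST requests to the named endpoint in constructed sample access-log lines (hosts, IPs and timestamps are hypothetical), so that served attempts can be separated from ones the reverse proxy already blocked.

```python
"""Added example (not from the advisory or the litellm project)."""
import re
from typing import Iterable, List, Tuple

AFFECTED_MIN = (1, 81, 8)    # first affected version, per the advisory
PATCHED_MIN = (1, 83, 10)    # first patched version, per the advisory
ENDPOINT = "/guardrails/test_custom_code"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.83.10' or 'v1.83.10-stable' into a comparable int tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when version lies in [1.81.8, 1.83.10)."""
    return AFFECTED_MIN <= parse_version(version) < PATCHED_MIN


# Constructed sample access-log lines in common log format (hypothetical data).
SAMPLE_LOG = """\
10.0.0.5 - - [13/May/2026:10:01:02 +0200] "POST /guardrails/test_custom_code HTTP/1.1" 200 512
10.0.0.6 - - [13/May/2026:10:01:10 +0200] "GET /health HTTP/1.1" 200 17
10.0.0.5 - - [13/May/2026:10:02:45 +0200] "POST /guardrails/test_custom_code HTTP/1.1" 403 0
10.0.0.7 - - [13/May/2026:10:03:00 +0200] "POST /guardrails/test_custom_code/ HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def find_endpoint_hits(lines: Iterable[str]) -> List[dict]:
    """Return POST requests to the advisory's endpoint. The path is compared
    after dropping any query string and trailing slash; the HTTP status is kept
    so served (2xx) and blocked (403) attempts can be told apart."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a common-log-format line
        client, ts, method, path, status = m.groups()
        path = path.split("?", 1)[0].rstrip("/")
        if method == "POST" and path == ENDPOINT:
            hits.append({"client": client, "time": ts, "status": int(status)})
    return hits


if __name__ == "__main__":
    for ver in ("1.81.7", "1.81.8", "1.83.9", "1.83.10", "v1.83.10-stable"):
        print(ver, "affected" if is_affected(ver) else "not affected")
    for h in find_endpoint_hits(SAMPLE_LOG.splitlines()):
        print(h)
```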
References

Patched release: v1.83.10-stable

Severity: High, 7.5 / 10

CVSS v4 base metrics
  Exploitability Metrics
    Attack Vector       : Network
    Attack Complexity   : High
    Attack Requirements : None
    Privileges Required : High
    User Interaction    : None
  Vulnerable System Impact Metrics
    Confidentiality     : High
    Integrity           : High
    Availability        : High
  Subsequent System Impact Metrics
    Confidentiality     : None
    Integrity           : None
    Availability        : None
  Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE ID     : CVE-2026-40217
Weaknesses : CWE-913

=========================================================
+ CERT-RENATER       | tel   : 01-53-94-20-44         +
+ 23/25 Rue Daviel   | fax   : 01-53-94-20-41         +
+ 75013 Paris        | email : cert@support.renater.fr +
=========================================================