CVE-2026-49468: LiteLLM: Authentication Bypass via Host Header Injection
A Host-header parsing flaw in the LiteLLM proxy could, under specific conditions, allow unauthenticated access to protected management routes.
The auth layer derived the effective route from request.url.path in litellm/proxy/auth/auth_utils.py::get_request_route(), which Starlette reconstructs from the Host header. A crafted Host could therefore make the auth gate evaluate a different route from the one FastAPI dispatched.
Most deployments are not affected. The bypass is blocked by any upstream layer that validates or normalizes Host, such as:
- a CDN or WAF, such as Cloudflare
- a reverse proxy with server_name allowlists
- a host-based load balancer
LiteLLM Cloud customers are not affected.
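The mitigation the advisory describes (an upstream layer that validates Host) together with the safer route derivation, as an added example that is not LiteLLM's code: a pure-Python Host allowlist check in the style of an nginx server_name allowlist, and an auth-gate helper that takes the route from the ASGI scope's own path rather than from a URL rebuilt around the Host header. The ASGI scope, the allowlist and the `/admin/` protected prefix are constructed placeholders.

```python
import re
from typing import Any, Iterable, Mapping, Optional, Tuple

# Shape of a well-formed Host value: hostname/IPv4 or [IPv6], optional port.
# Anything containing '/', '?', '#', '@' or whitespace fails and is rejected.
_HOST_RE = re.compile(r"^(?:[A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}(?::\d{1,5})?$")
_IPV6_RE = re.compile(r"^\[[0-9A-Fa-f:.]+\](?::\d{1,5})?$")

def host_is_allowed(host_header: str, allowed_hosts: Iterable[str]) -> bool:
    """True only for a clean Host that matches the allowlist: exact names or
    '*.example.com' (subdomains only); port ignored, as nginx server_name does."""
    if _IPV6_RE.match(host_header):
        name = host_header.split("]")[0].lower() + "]"
    elif _HOST_RE.match(host_header):
        name = host_header.rsplit(":", 1)[0].lower()
    else:
        return False
    for pattern in (p.lower() for p in allowed_hosts):
        if name == pattern or (pattern.startswith("*.") and name.endswith(pattern[1:])):
            return True
    return False

def header(scope: Mapping[str, Any], name: bytes) -> Optional[str]:
    """Look up one header in an ASGI scope (keys are lowercase bytes)."""
    for key, value in scope.get("headers", []):
        if key.lower() == name:
            return value.decode("latin-1")
    return None

def route_from_scope(scope: Mapping[str, Any]) -> str:
    """The route the auth gate reasons about: the scope's own path, as parsed
    by the ASGI server from the request line, not a URL rebuilt around Host."""
    return scope["path"]

def gate(scope: Mapping[str, Any], allowed_hosts: Iterable[str],
         protected_prefixes: Iterable[str], authenticated: bool) -> Tuple[int, str]:
    """Return (status, route): 400 for a malformed or unlisted Host, 401 for a
    protected route without credentials, 200 otherwise. Runs before routing."""
    host = header(scope, b"host")
    if host is None or not host_is_allowed(host, allowed_hosts):
        return 400, ""
    route = route_from_scope(scope)
    if not authenticated and any(route.startswith(p) for p in protected_prefixes):
        return 401, route
    return 200, route

# Constructed sample inputs; "/admin/" is a placeholder, not LiteLLM's route list.
ALLOWED = ["api.example.com", "*.internal.example.com"]
PROTECTED = ["/admin/"]
SAMPLE_SCOPE = {"path": "/health", "headers": [(b"host", b"api.example.com:4000")]}
```

In a real deployment the same allowlist belongs on the reverse proxy or load balancer in front of the proxy, so the application never sees a Host value it did not expect.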