Litellm: Batch of Three Vulnerabilities Includes RCE and Directory Traversal
Three Litellm vulnerabilities disclosed on July 8, 2026, including two 'important' flaws enabling directory traversal and arbitrary code execution.

Key findings
- Three Litellm vulnerabilities disclosed on July 8, 2026, including two rated 'important'.
- CVE-2026-59819 allows information disclosure via local file read in the test connection endpoint.
- CVE-2026-59820 permits directory traversal through crafted skill archive uploads.
- CVE-2026-59821 enables arbitrary code execution via custom code guardrails.
- Users are advised to update Litellm promptly to mitigate these security risks.
On July 8, 2026, a batch of three vulnerabilities was disclosed for Berriai's Litellm, a Python library for simplifying LLM API calls. The vulnerabilities, reported together, highlight risks in file handling and code execution within the library. Two of the three vulnerabilities were rated as 'important' by CVSS v3 scoring, indicating a significant potential impact for users.
One of the disclosed vulnerabilities, CVE-2026-59819, is a moderate severity information disclosure flaw. It stems from the test connection endpoint's handling of local file reads, potentially allowing an attacker to access sensitive files on the system.
Two 'important' severity vulnerabilities were also detailed. CVE-2026-59820 involves directory traversal, which can be exploited by uploading a crafted skill archive. This could allow an attacker to access or modify files outside of the intended directory. The most severe of the batch, CVE-2026-59821, enables arbitrary code execution and information disclosure through custom code guardrails. This vulnerability poses a significant risk, as it could allow an attacker to run malicious code on the affected system.
All three vulnerabilities were disclosed on the same day, suggesting a coordinated disclosure event. Users of Litellm are advised to update to the latest version to mitigate these risks. The specific versions affected and patched are not detailed in the provided information, but prompt patching is recommended given the severity of CVE-2026-59820 and CVE-2026-59821.
This batch of vulnerabilities underscores the importance of secure file handling and code execution practices in libraries that interface with external data or custom code. Users should remain vigilant and apply updates as soon as they become available to protect their applications from potential exploitation.