
Critical LiteLLM Flaw Enables Authentication Bypass via Host Header Injection
A critical security vulnerability has been disclosed in LiteLLM, the widely used open-source proxy framework for managing large language model (LLM) API calls. Tracked as CVE-2026-49468 (GHSA-4xpc-pv4p-pm3w), the flaw allows unauthenticated attackers to bypass authentication controls and gain unauthorized access to protected management routes through Host header injection. The vulnerability, classified under CWE-290 (Authentication Bypass by […]
The post Critical LiteLLM Flaw Enables Authentication Bypass via Host Header Injection appeared first on Cyber Security News.