LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.
The product protects a primary channel, but it does not use the same level of protection for an alternate channel.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Litellm | Litellm | * | 2026-04-08 (including) |
| Red Hat Ansible Automation Platform 2.6 | RedHat | ansible-automation-platform-26/lightspeed-chatbot-rhel9:1780102732 | * |
| Red Hat OpenShift AI 3.3 | RedHat | rhoai/odh-llama-stack-core-rhel9:1782310008 | * |