CVE Vulnerabilities

CVE-2026-40217

Unprotected Alternate Channel

Published: Apr 10, 2026 | Modified: Jun 30, 2026
CVSS 3.x: N/A (Source: NVD)
RedHat/V3: 8.8 IMPORTANT (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

Weakness

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

Affected Software

Name | Vendor | Start Version | End Version
Litellm | Litellm | * | 2026-04-08 (including)
Red Hat Ansible Automation Platform 2.6 | RedHat | ansible-automation-platform-26/lightspeed-chatbot-rhel9:1780102732 | *
Red Hat OpenShift AI 3.3 | RedHat | rhoai/odh-llama-stack-core-rhel9:1782310008 | *
