¡¾·ì϶¹«¸æ¡¿LiteLLMÄ£°å×¢Èë·ì϶(CVE-2026-42203)

°ä²¼¹¦·ò 2026-05-14

Ò»¡¢·ì϶¸ÅÊö


0514·ì϶¸ÅÊö.png


LiteLLMÊÇÒ»¿î¿ªÔ´LLM´úÀíÓëAI Gateway×é¼þ £¬ÓÃÓÚÒÔOpenAI¼æÈÝÌåʽͳһŲÓÃOpenAI¡¢AnthropicµÈ¶àÀà´óÄ£ÐÍ·þÎñ¡£ÆäÖ§³ÖÄ£ÐÍ·ÓÉ¡¢API keyÖÎÀí¡¢½Ó¼û½ÚÔì¡¢ÓÃÁ¿Í³¼Æ¼°´úÀíת·¢µÈÄÜÁ¦ £¬³£ÓÃÓÚÆóÒµ´óÄ£ÐͽÓÈëÓëÍ³Ò»Íø¹ØÖÎÀí³¡¾°¡£2026Äê5ÔÂ14ÈÕ £¬mansion88Ã÷Éý°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄ£¨VSRC£©¼à²âµ½LiteLLMÄ£°å×¢Èë·ì϶¡£¸Ã·ì϶´æÔÚÓÚPOST /prompts/test½Ó¿Ú £¬ÓÉÓÚ½Ó¿Ú½ÓÊÜÓû§Ìá½»µÄprompt templates²¢ÔÚδ½øÐÐɳÏä¸ôÀëµÄÇé¿öÏÂäÖȾ £¬µ¼ÖÂÒÑÈÏÖ¤¹¥»÷Õ߿ɻú¹Ø¶ñÒâÄ£°åÔÚLiteLLM Proxy¹ý³ÌÄÚÖ´ÐÐËÁÒâ´úÂë¡£¹¥»÷Õß½öÐè³ÖÓÐÓÐЧproxy API key¼´¿É½Ó¼û¸Ã½Ó¿Ú £¬½ø¶ø¿ÉÄܶÁÈ¡¹ý³Ì»·¾³±äÁ¿ÖеÄprovider API keys¡¢Êý¾Ý¿âÍ´´¦µÈÃô¸ÐÐÅÏ¢ £¬»òÔÚÖ÷»úÉÏÖ´ÐÐϵͳºÅÁî £¬Ôì³ÉÒµÎñϵͳ±»ÊÕÊÜ¡¢ÃÜԿй¶¼°Êý¾Ý°²È«·çÏÕ¡£


¶þ¡¢Ó°ÏìÁìÓò


1.80.5 <= LiteLLM < 1.83.7


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾¹Ù·½ÒѰ䲼½¨¸´²¹¶¡ £¬ÒÔ½¨¸´¸Ã·ì϶¡£LiteLLM >= 1.83.7ÏÂÔØÁ´½Ó£ºhttps://github.com/BerriAI/litellm/releases/


3.2 һʱ´ëÊ©ÔÝÎÞ¡£


3.3 ͨÓý¨Ò鶨ÆÚ¸üÐÂϵͳ²¹¶¡ £¬Ï÷¼õϵͳ·ì϶ £¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔì £¬Åú¸Ä·À»ðǽսÊõ £¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ £¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø £¬Ï÷¼õ¹¥»÷Ãæ¡£Ê¹ÓÃÆóÒµ¼¶°²È«²úÆ· £¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí £¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò £¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È¡£ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£


3.4 ²Î¿¼Á´½Óhttps://github.com/BerriAI/litellm/security/advisories/GHSA-xqmj-j6mv-4862/https://nvd.nist.gov/vuln/detail/CVE-2026-42203