Improper Neutralization of Special Elements Used in a Template Engine The advisory has been revoked - it doesn't affect any version of package litellm-1.80-oci-entrypoint  (opens in a new tab)


Threat Intelligence

EPSS
0.37% (30th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-MINIMOSLATEST-LITELLM180OCIENTRYPOINT-16310563
  • published28 Apr 2026
  • disclosed8 May 2026

Introduced: 28 Apr 2026

CVE-2026-42203  (opens in a new tab)
CWE-1336  (opens in a new tab)

Amendment

The Minimos security team deemed this advisory irrelevant for Minimos:latest.

NVD Description

Note: Versions mentioned in the description apply only to the upstream litellm-1.80-oci-entrypoint package and not the litellm-1.80-oci-entrypoint package as distributed by Minimos.

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any authenticated user could reach it. Depending on how the proxy is deployed, this could expose secrets in the process environment (such as provider API keys or database credentials) and allow commands to be run on the host. This issue has been patched in version 1.83.7.