Embedded Malicious Code Affecting litellm package, versions [1.82.7][1.82.8]

Q: How to fix?

Avoid using all malicious instances of the litellm package.

Threat Intelligence

Attacked

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-PYTHON-LITELLM-15762713
published24 Mar 2026
disclosed23 Mar 2026
creditCallum McMahon

Report a new vulnerability Found a mistake?

Introduced: 23 Mar 2026

New Malicious CWE-506 (opens in a new tab)

How to fix?

Avoid using all malicious instances of the litellm package.

Overview

litellm is a Library to easily interface with LLM API providers

Affected versions of this package are vulnerable to Embedded Malicious Code. Vulnerable releases of this package were compromised with malicious code that conceals a multi-stage credential stealer and persistent backdoor. A malicious actor appears to have uploaded tampered versions of the litellm package directly to PyPI, bypassing the project's standard GitHub release process.

Maintainer’s Notice

The compromised versions contain a malicious file, litellm_init.pth or proxy_server.py, that executes automatically at startup for every Python process. Affected users must immediately remove the package, purge their package manager caches, check for persistence mechanisms, and rotate all potentially exposed credentials.

Note: This advisory will be updated as more details come to light.

For additional details see https://github.com/BerriAI/litellm/issues/24512

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
High
Integrity (VI)
High
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None