The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade litellm to version 1.84.0 or higher.
litellm is a Library to easily interface with LLM API providers
Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the OAuth2 passthrough fallback in MCPRequestHandler.process_mcp_request in litellm/proxy/_experimental/mcp_server/auth/mcp_request_handler.py. An attacker can establish an authenticated MCP session without a valid LiteLLM key by sending a fabricated Authorization bearer token to an MCP route. When user_api_key_auth rejected the header with a 401 or 403, the handler replaced the failure with an anonymous UserAPIKeyAuth() object instead of denying the request. That lets the attacker reach MCP tooling and use connected upstream services exposed through MCP, breaking access control for deployed MCP endpoints.
Notes
Authorization header for LiteLLM auth; requests with an explicit x-litellm-api-key follow the normal validation path instead of the OAuth2 passthrough fallback.x-mcp-servers, a single non-oauth2 target is enough to make the fallback unsafe and the auth failure propagates instead of being downgraded to anonymous passthrough.Workarounds
/mcp/ and related MCP endpoints at your reverse proxy or API gateway, to prevent unauthenticated requests from reaching MCP tooling.