Information Exposure Affecting llmswap package, versions [,5.2.1)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Information Exposure vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-PYTHON-LLMSWAP-14860886
- published5 Jan 2026
- disclosed1 Jan 2026
- creditUnknown
Introduced: 1 Jan 2026
CVE NOT AVAILABLE CWE-209 (opens in a new tab)How to fix?
Upgrade llmswap to version 5.2.1 or higher.
Overview
llmswap is an Universal LLM SDK + MCP Client: GPT-5.2, Claude Opus 4.5, Gemini 3 Flash, Gemini 3 Pro, Grok 4.1, DeepSeek V3.2 + 10 providers. LMArena top models. Natural language tool calling. Zero vendor lock-in. Production SDK + beautiful CLI.
Affected versions of this package are vulnerable to Information Exposure via error handling across multiple providers. An attacker can expose sensitive information, including API keys, credentials, and internal system details, through unfiltered error responses that fail to sanitize exception messages before returning them to users.
Note: Successful exploitation of this vulnerability requires the attacker to have access to the network traffic.