High8.1Red Hat & Ubuntu Linux Updated
Directory traversal via crafted skill archive upload
CVE-2026-59820 Published Jul 8, 2026Updated by vendor Jul 8, 2026
CVE-2026-59820
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Directory traversal via crafted skill archive upload. Red Hat rates this important (CVSS 8.1). Weakness: CWE-22. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Mitigation checklist
Recommended fix / mitigation
- Upgrade to LiteLLM 1.83.7-stable or later. Products that use LiteLLM only as a Python SDK (litellm.completion()) rather than running the LiteLLM Proxy Server with the Skills feature enabled are not exposed to this vulnerability, as the vulnerable HTTP upload endpoint does not exist in SDK-only usage.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.