High7.2Red Hat & Ubuntu Linux Updated
Arbitrary code execution and information disclosure via custom code guardrails
CVE-2026-59821 Published Jul 8, 2026Updated by vendor Jul 8, 2026
CVE-2026-59821
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Arbitrary code execution and information disclosure via custom code guardrails. Red Hat rates this important (CVSS 7.2). Weakness: CWE-94. No fix erratum has been published yet; monitor the Red Hat CVE page and apply the RHSA when released.
Mitigation checklist
Recommended fix / mitigation
- Upgrade litellm to 1.82.0 or later, which enforces the same code-safety checks on the guardrail create/update endpoints as the test endpoint. If upgrading is not immediately possible, restrict access to POST /guardrails and PUT /guardrails/{guardrail_id} to trusted administrators only, ensure LITELLM_MASTER_KEY is configured so unauthenticated callers are not treated as proxy administrators, and avoid enabling Custom Code Guardrails for untrusted users.
Official advisory · high-confidence parse· fetched 10 minutes ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.