Zero Day MonitorZDM

CVE-2026-40217: CVE-2026-40217: LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/t — Zero Day Monitor

← Back to list

8.8

CVE-2026-40217EXPLOITED

berriai · litellm

CVE-2026-40217: LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/t

Description

LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI.

Affected Products

Vendor	Product	Versions
berriai	litellm	bb0639701796218a3447160e55c0f1097446e4e6085df7dfd39f476d4143743f, main-latest (docker image ghcr.io/berriai/litellm:main-latest, repo digest ghcr.io/berriai/litellm@sha256:bb0639701796218a3447160e55c0f1097446e4e6085df7dfd39f476d4143743f)

References

https://www.x41-dsec.de/lab/advisories/x41-2026-001-litellm/

Related News (3 articles)

Tier C

VulDB4h ago

CVE-2026-40217 | BerriAI LiteLLM test_custom_code unprotected alternate channel

→ No new info (linked only)

Tier C

oss-security16h ago

Re: X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM

→ No new info (linked only)

Tier C

oss-security1d ago

X41 Advisory X41-2026-001: Guardrail Sandbox Escape in LiteLLM

→ No new info (linked only)

CVSS 3.18.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-420, CWE-94

PublishedApr 10, 2026

Last enriched4h agov2

Tags

sandbox escapecode injectionregex bypassbytecode manipulationmitigationauthenticated API

Trending Score61

Source articles3

Independent2