{"vulnerability": "cve-2026-40217", "sightings": [{"uuid": "93e96dba-3704-4f6c-8592-c285c6fc101c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40217", "type": "published-proof-of-concept", "source": "Telegram/SM41ZgDjE5GCx8_K5BndOjKQZfdnq7khstyXQtIQ9aWd83s", "content": "", "creation_timestamp": "2026-05-19T21:00:04.000000Z"}, {"uuid": "fcd3a608-5d5c-41f7-8d3d-ccbdfd3d5da7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40217", "type": "seen", "source": "Telegram/BHjpIBo0iRlJvCTjCc1tWATK3ONpTPYFFDHwGYF-bIOT41U", "content": "", "creation_timestamp": "2026-04-10T15:17:37.000000Z"}, {"uuid": "17b887a5-7c47-4bba-b246-41756975b683", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40217", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mj5nnyqjgd2j", "content": "", "creation_timestamp": "2026-04-10T15:37:09.730534Z"}, {"uuid": "65e9e1d3-5451-4159-a24a-c41a41e7c142", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40217", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mj7lcnmbmh2w", "content": "", "creation_timestamp": "2026-04-11T10:00:21.433893Z"}, {"uuid": "d999fdba-3fdb-47d4-b2c2-b4c732f8508f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40217", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mkjc3k7ttb2z", "content": "", "creation_timestamp": "2026-04-28T00:07:07.902916Z"}, {"uuid": "720c1245-8d16-42c2-a2c5-4b4d8ebc0657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40217", "type": "seen", "source": "https://gist.github.com/alon710/37ecce29751bae48629dbc52c1e489d5", "content": "# CVE-2026-40217: CVE-2026-40217: Remote Code Execution via Sandbox Escape in LiteLLM\n\n> **CVSS Score:** 8.8\n> **Published:** 2026-05-11\n> **Full Report:** https://cvereports.com/reports/CVE-2026-40217\n\n## Summary\nLiteLLM, an open-source LLM proxy, contains a critical sandbox escape vulnerability in its guardrail testing endpoint. An authenticated attacker can bypass regex-based source-code filtering by leveraging Python object hierarchy traversal and runtime bytecode manipulation, leading to arbitrary code execution as the process owner.\n\n## TL;DR\nAn authenticated RCE vulnerability exists in LiteLLM's `/guardrails/test_custom_code` endpoint. The custom Python sandbox relies on flawed regex filtering, allowing attackers to rewrite function bytecode and access restricted built-ins to execute system commands.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-94\n- **Attack Vector**: Network\n- **CVSS v3.1 Score**: 8.8\n- **EPSS Score**: 0.0024\n- **Impact**: Remote Code Execution\n- **Exploit Status**: Proof of Concept (PoC)\n\n## Affected Systems\n\n- LiteLLM Proxy\n- LiteLLM Docker Containers\n- **LiteLLM**: <= 2026-04-08 (Fixed in: `v1.83.10-stable`)\n\n## Mitigation\n\n- Software Update\n- Network Segmentation\n- Privilege Reduction\n- URI Blocking\n\n**Remediation Steps:**\n1. Identify all running instances of the LiteLLM proxy within the infrastructure.\n2. Pull the updated Docker image for LiteLLM version v1.83.10-stable or higher.\n3. Redeploy the LiteLLM containers specifying an unprivileged user via the Docker `--user` flag.\n4. Configure the upstream reverse proxy (e.g., Nginx or Traefik) to block POST requests targeting `/guardrails/test_custom_code`.\n5. Verify that the management port (default 4000) is unreachable from the public internet.\n\n## References\n\n- [X41 D-Sec Security Advisory](https://www.x41-dsec.de/lab/advisories/x41-2026-001-litellm/)\n- [SentinelOne Vulnerability Database](https://www.sentinelone.com/vulnerability-database/cve-2026-40217/)\n- [LiteLLM Release v1.83.10-stable](https://github.com/BerriAI/litellm/releases/tag/v1.83.10-stable)\n- [CVE Record (CVE.org)](https://www.cve.org/CVERecord?id=CVE-2026-40217)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-40217) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-11T17:10:29.000000Z"}]}