Vulnerability DatabaseMSC-2026-3284
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
MSC-2026-3284
March 24, 2026
The litellm wheel packages for versions 1.82.7 and 1.82.8 on PyPI contain a malicious .pth file (litellm_init.pth, 34,628 bytes). This file automatically executes a credential-stealing script on every Python interpreter startup, with no import litellm required. Users are advised to downgrade to 1.82.6, which is not compromised.
Related ResourcesĀ (6)
https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/
https://my.diffend.io/pypi/litellm/1.82.6__tar.gz/1.82.7__tar.gz/page/2#d2h-883276
https://github.com/BerriAI/litellm/issues/24512#issuecomment-4117874935
https://my.diffend.io/pypi/litellm/1.82.7__tar.gz/1.82.8__tar.gz/page/1#d2h-036838
https://github.com/mlflow/mlflow/pull/21971
https://github.com/BerriAI/litellm/issues/24512
Do you need more information?
Contact Us
CVSS v3
Base Score:
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH