Mend.io Vulnerability Database
MSC-2026-3284
Published: May 16, 2026
Updated: May 16, 2026
The litellm wheel packages for versions 1.82.7 and 1.82.8 on PyPI contain a malicious .pth file (litellm_init.pth, 34,628 bytes). This file automatically executes a credential-stealing script on every Python interpreter startup, with no import litellm required. Users are advised to downgrade to 1.82.6, which is not compromised.
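To check an environment for the file and versions named above, the following added example (not part of the advisory and not Mend.io or litellm code) scans a site-packages directory for litellm_init.pth, for dist-info directories of the affected releases, and for any other .pth file containing lines that Python's site module executes at startup. The function names and the report format are assumptions made for this example.

```python
import sys
from pathlib import Path

BAD_PTH = "litellm_init.pth"          # file name from the advisory
BAD_VERSIONS = {"1.82.7", "1.82.8"}   # affected releases from the advisory

def executable_lines(text):
    """Lines the site module passes to exec(): they start with 'import' + space/tab."""
    return [ln for ln in text.splitlines() if ln.startswith(("import ", "import\t"))]

def scan_site_packages(directory):
    """Return (path, reason, detail) findings for one site-packages directory."""
    root, findings = Path(directory), []
    for pth in sorted(root.glob("*.pth")):
        try:
            text = pth.read_text(encoding="utf-8", errors="replace")
        except OSError as exc:
            findings.append((str(pth), "unreadable", str(exc)))
            continue
        n = len(executable_lines(text))
        if pth.name == BAD_PTH:
            findings.append((str(pth), "named-in-advisory", f"{pth.stat().st_size} bytes"))
        elif n:
            # Legitimate tools also ship such lines; these need review, not deletion.
            findings.append((str(pth), "executes-code", f"{n} import line(s)"))
    # Installed wheels leave a <name>-<version>.dist-info directory behind.
    for info in sorted(root.glob("litellm-*.dist-info")):
        version = info.name[len("litellm-"):-len(".dist-info")]
        if version in BAD_VERSIONS:
            findings.append((str(info), "affected-version", version))
    return findings

if __name__ == "__main__":
    # Usage: python -S scan.py /path/to/site-packages [...]
    # -S skips site processing, so the scanner's own startup runs no .pth file.
    hits = [f for d in sys.argv[1:] for f in scan_site_packages(d)]
    for path, reason, detail in hits:
        print(f"{reason:18} {detail:20} {path}")
    sys.exit(1 if hits else 0)
```

Run it from an interpreter outside the environment being inspected, or with -S as shown, so that starting the scanner does not itself process the .pth files it is looking for.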