
[extensions] extra pins litellm<=1.83.14, inside CVE-2026-49468 vulnerable range (fixed in 1.84.0) #6283

Description

@dacongming0425

What happens

The extensions (and test) extras constrain litellm to litellm>=1.83.7,<=1.83.14. This entire range is affected by CVE-2026-49468 / GHSA-4xpc-pv4p-pm3w (LiteLLM authentication bypass via Host header injection), which is fixed in litellm 1.84.0.

Because the upper bound sits below the patched version, downstream projects that depend on google-adk[extensions] cannot move litellm to a non-vulnerable release. Dependabot flags this as a critical alert with no clean remediation:

  • Forcing litellm>=1.84.0 makes the resolver downgrade google-adk all the way back to 1.27.3 (the last release whose litellm bound was open, <2.0.0).
  • Every release from 1.28.0 through the latest 2.3.0 — including all of 2.x — carries a sub-1.84.0 ceiling, so upgrading google-adk (even to the latest 2.x) does not resolve the CVE.

litellm ceiling across versions

google-adk release              | [extensions] litellm constraint | allows patched (>=1.84.0)?
1.27.3                          | >=1.75.5,<2.0.0                 | yes
1.28.0 to 1.31.0                | >=1.75.5,<=1.82.6               | no
1.32.0 to 1.36.0                | >=1.83.7,<=1.83.14              | no
2.0.0 / 2.1.0 / 2.2.0 / 2.3.0   | >=1.83.7,<=1.83.14              | no

Ask

Please raise the litellm upper bound to include 1.84.0+ (test against a recent litellm and relax the cap) so downstream users can remediate CVE-2026-49468 without pinning to a very old google-adk release.
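The resolver behaviour described in the issue can be reproduced offline with a small script. The following is an added example, not code from the issue author or from the google-adk project: it transcribes the issue's constraint table into a dict (constructed data, ranges represented by their endpoints), evaluates each constraint against the patched litellm version, and reports the newest google-adk release a resolver can keep when `litellm>=1.84.0` is forced. The hand-rolled specifier matcher only handles the plain numeric comparison clauses used here; real tooling should use `packaging.specifiers` instead.

```python
"""Check which google-adk releases still admit a litellm release that fixes
CVE-2026-49468 (first fixed in litellm 1.84.0, per the issue).

Specifier matching is hand-rolled so the script needs no third-party
package; it covers only the numeric >=, <=, >, <, ==, != clauses below.
"""
from __future__ import annotations

import operator
import re

# First litellm release the issue reports as patched.
PATCHED_LITELLM = "1.84.0"

# Constructed from the table in the issue: google-adk release -> litellm
# constraint declared by the [extensions] extra. Version ranges from the
# table are represented by their endpoints.
ADK_LITELLM_CONSTRAINTS = {
    "1.27.3": ">=1.75.5,<2.0.0",
    "1.28.0": ">=1.75.5,<=1.82.6",
    "1.31.0": ">=1.75.5,<=1.82.6",
    "1.32.0": ">=1.83.7,<=1.83.14",
    "1.36.0": ">=1.83.7,<=1.83.14",
    "2.0.0": ">=1.83.7,<=1.83.14",
    "2.3.0": ">=1.83.7,<=1.83.14",
}

_OPS = {
    ">=": operator.ge, "<=": operator.le, "==": operator.eq,
    "!=": operator.ne, ">": operator.gt, "<": operator.lt,
}
# One clause of a comma-separated specifier, e.g. "<=1.83.14".
_CLAUSE = re.compile(r"^\s*(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)\s*$")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '1.84.0' into a comparable tuple. Trailing zeros are dropped so
    that 1.84 and 1.84.0 compare equal (numeric releases only)."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def satisfies(version: str, specifier: str) -> bool:
    """True if `version` meets every comma-separated clause of `specifier`."""
    v = parse_version(version)
    for clause in specifier.split(","):
        m = _CLAUSE.match(clause)
        if m is None:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True


def admits_patched(specifier: str, patched: str = PATCHED_LITELLM) -> bool:
    """Can a resolver pick the patched litellm under this constraint?"""
    return satisfies(patched, specifier)


def resolvable_adk_releases(constraints=ADK_LITELLM_CONSTRAINTS,
                            patched=PATCHED_LITELLM) -> list[str]:
    """google-adk releases (newest first) installable next to litellm>=patched
    without a dependency conflict."""
    ordered = sorted(constraints, key=parse_version, reverse=True)
    return [rel for rel in ordered if admits_patched(constraints[rel], patched)]


def newest_resolvable_adk(constraints=ADK_LITELLM_CONSTRAINTS,
                          patched=PATCHED_LITELLM) -> str | None:
    """The release a resolver falls back to when litellm>=patched is forced,
    or None when no listed release admits a patched litellm at all."""
    found = resolvable_adk_releases(constraints, patched)
    return found[0] if found else None


if __name__ == "__main__":
    for rel in sorted(ADK_LITELLM_CONSTRAINTS, key=parse_version):
        spec = ADK_LITELLM_CONSTRAINTS[rel]
        verdict = "ok" if admits_patched(spec) else "VULNERABLE CEILING"
        print(f"google-adk {rel:8} litellm{spec:22} {verdict}")
    print("newest google-adk usable with litellm>=1.84.0:",
          newest_resolvable_adk())
```

Running it reproduces the issue's finding: every release after 1.27.3 caps litellm below 1.84.0, so forcing the patched litellm leaves 1.27.3 as the only google-adk release the resolver can select. The same check, fed from a project's real lock file or from the `Requires-Dist` metadata of each release, is a cheap way to confirm whether a dependency bump alone will close a Dependabot alert before opening an issue upstream.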
