Security
The LiteLLM Host-Header Bypass Is a Warning About Every Agent Proxy You Run
CVE-2026-49468 let a crafted Host header slip past LiteLLM's auth gate. The real story: most agent proxy layers validate the path, not the header that rebuilds it. Audit your upstream now.
Jun 17, 2026Verified