chore(deps): update dependency litellm to v1.83.10 [security]

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Confidence
litellm	==1.83.7 → ==1.83.10

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

LiteLLM has a sandbox escape in custom-code guardrail

CVE-2026-40217 / GHSA-wxxx-gvqv-xp7p

More information

Details

Impact

The POST /guardrails/test_custom_code endpoint runs user-supplied Python inside a hand-rolled sandbox. The sandbox can be escaped using bytecode-level techniques, allowing arbitrary code execution in the proxy process — which runs as root in the default Docker image.

Reaching the endpoint requires a proxy-admin credential in default configurations.

Patches

Fixed in 1.83.11. The hand-rolled sandbox has been replaced with RestrictedPython. Upgrade to 1.83.11 or later.

Workarounds

If upgrading is not immediately possible, block POST /guardrails/test_custom_code at your reverse proxy or API gateway.

References

• Patched release: v1.83.10-stable

Severity

• CVSS Score: 7.5 / 10 (High)
• Vector String: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

• https://github.com/BerriAI/litellm/security/advisories/GHSA-wxxx-gvqv-xp7p
• https://nvd.nist.gov/vuln/detail/CVE-2026-40217
• https://github.com/BerriAI/litellm/releases/tag/v1.83.10-stable
• https://www.x41-dsec.de/lab/advisories/x41-2026-001-litellm
• https://github.com/advisories/GHSA-wxxx-gvqv-xp7p

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.