This is an advisory for a malicious package.

We recommend immediate removal of malicious versions of this package. Safety Firewall is actively blocking installation and will help you identify any existing installations of the package.

Learn more

PyPI: litellm

SFTY-20260324-28516

Affected versions of litellm package contain Embedded Malicious Code. Upon installation, a malicious `.pth` file executes automatically at Python startup, launching a background process that exfiltrates credentials from SSH keys, cloud providers (AWS, GCP, Azure, Kubernetes), cryptocurrency wallets, and CI/CD secrets to an attacker-controlled server. The malware establishes persistent backdoor access via a systemd service and attempts to take over the entire Kubernetes cluster if running in a containerized environment.

PythonPyPI
Created at: Mar 24, 2026Updated at: Mar 24, 2026

Overview

litellm – Embedded Malicious Code

Advisory

litellm – Embedded Malicious Code

Affected Package

Affecting litellm package, versions
>=1.82.7,<=1.82.8

Also affects

---

How to Fix

We recommend updating litellm to the latest non-vulnerable version.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more