CVE-2026-30623: LiteLLM Authenticated MCP RCE

Executive Summary

LiteLLM contains an authenticated remote command execution vulnerability in its MCP server creation functionality, where improper validation of JSON configurations allows attackers to execute arbitrary system commands.

Root Cause Analysis

Analysis indicates that the vulnerability originates from insecure processing of MCP configurations. The application fails to sanitize inputs provided in JSON format, allowing command injection.

Exploit Analysis

The attack vector leverages the MCP adapter configuration logic. By injecting a malicious JSON configuration containing arbitrary command and argument values, the LiteLLM process executes these inputs on the host system.

Detection Rules

Sigma

title: LiteLLM Authenticated MCP RCE Detection
logsource:
  category: process_creation
detection:
  selection:
    CommandLine: '*mcp*register*'
  condition: selection