A vulnerability, which was classified as critical , was found in BerriAI litellm up to 1.59.8 . Affected is the function UserAPIKeyAuth of the file litellm/proxy/_experimental/mcp_server/auth/user_api_key_auth_mcp.py of the component MCP Proxy . Executing a manipulation can lead to improper authentication. The identification of this vulnerability is CVE-2026-12773 . The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosu