A vulnerability classified as critical was found in BerriAI litellm up to 1.82.2 . This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler . Such manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2026-12771 . The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure.