A vulnerability was found in BerriAI litellm up to 1.82.5 and classified as critical . Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface . The manipulation of the argument prompt results in incorrect authorization. This vulnerability was named CVE-2026-12797 . The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure.