LiteLLM MCP Unauthenticated Server Registration RCE (CVE-2026-30623) - ATR-2026-00416 (22064386-fbcd-5e84-8eca-c092a878fcd6)
Detects exploitation of CVE-2026-30623 in LiteLLM (fixed in v1.83.7-stable). The MCP server-registration interface is reachable without authentication, so an unauthenticated remote attacker can POST a malicious STDIO server configuration. When any agent session subsequently initialises, the registered command (e.g. bash -c <payload>) is executed on the LiteLLM host. The flaw is part of the OX Security MCP-by-design disclosure (2026-04-15), which covers a class of unauthenticated MCP-config-to-RCE flaws across LiteLLM, LangChain and LangFlow. It is distinct from CVE-2026-40933 (Flowise authenticated bypass): this rule targets the unauthenticated-registration variant.
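
The matching logic described above, as an added example that is not the rule's own code: it scans reverse-proxy log events for unauthenticated POSTs that register a STDIO server and rates them by the command they carry. The route placeholder, the event schema (`method`, `path`, `authenticated`, `body`) and the config field names (`transport`, `command`, `args`) are assumptions, and the sample events are constructed.

```python
import json
import re

# Assumptions (not from the advisory): the route placeholder, the event schema
# and the config field names "transport", "command" and "args".
REGISTRATION_PATH = "/<mcp-server-registration-path>"
SHELLS = {"sh", "bash", "dash", "zsh", "cmd", "cmd.exe", "powershell", "powershell.exe", "pwsh"}
INLINE_FLAGS = {"-c", "/c", "-command", "-encodedcommand"}

def classify(event):
    """Return 'high', 'medium' or None for one reverse-proxy log event."""
    if event.get("method") != "POST" or event.get("path") != REGISTRATION_PATH:
        return None
    if event.get("authenticated"):
        return None  # this rule covers only the unauthenticated variant
    try:
        cfg = json.loads(event.get("body") or "{}")
    except json.JSONDecodeError:
        return None
    if not isinstance(cfg, dict) or str(cfg.get("transport", "")).lower() != "stdio":
        return None
    # The command may arrive as one string or as a binary plus an args list.
    tokens = str(cfg.get("command") or "").split()
    args = cfg.get("args") if isinstance(cfg.get("args"), list) else []
    tokens += [str(a) for a in args]
    if not tokens:
        return None
    binary = re.split(r"[\\/]", tokens[0])[-1].lower()
    inline = any(t.lower() in INLINE_FLAGS for t in tokens[1:])
    # Any unauthenticated STDIO registration is suspect; a shell with an
    # inline-command flag matches the pattern the rule description gives.
    return "high" if binary in SHELLS and inline else "medium"

def scan(events):
    """Return (index, severity) for every event that triggers."""
    hits = [(i, classify(e)) for i, e in enumerate(events)]
    return [(i, sev) for i, sev in hits if sev]

def _ev(method, authenticated, cfg):  # builds one constructed sample event
    return {"method": method, "path": REGISTRATION_PATH,
            "authenticated": authenticated, "body": json.dumps(cfg)}

SAMPLE_EVENTS = [  # constructed for illustration, not captured traffic
    _ev("POST", False, {"transport": "stdio", "command": "/bin/bash", "args": ["-c", "<payload>"]}),
    _ev("POST", True, {"transport": "stdio", "command": "npx", "args": ["some-mcp-server"]}),
    _ev("POST", False, {"transport": "http", "url": "https://mcp.example.invalid"}),
    _ev("POST", False, {"transport": "stdio", "command": "python3 server.py"}),
    _ev("GET", False, {}),
]
```

On a patched deployment the same events should be rejected before registration, so a hit paired with a success status is the case to triage first.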