LiteLLM JWT/OIDC userinfo cache key collision authentication bypass

This repository is a working Python PoC for CVE-2026-35030, an authentication bypass in BerriAI LiteLLM affecting versions prior to 1.83.0 when JWT/OIDC auth is enabled. The core issue is that LiteLLM caches OIDC userinfo using only the first 20 characters of the bearer token, which for RS256 JWTs are identical across different users because the JWT header is the same. The exploit demonstrates that if an admin's userinfo is cached first, a second JWT for an attacker can collide on the same cache key and inherit the admin identity. Repository structure is straightforward: `exploit/exploit.py` is the main entry point and performs either a collision demo or a full exploit attempt; `exploit/token_forge.py` obtains JWTs from the mock OIDC provider and analyzes their shared prefix; `oidc-provider/server.py` implements a FastAPI-based mock OIDC server with discovery, JWKS, userinfo, token issuance, and health endpoints; `docker-compose.yml` orchestrates PostgreSQL, the mock OIDC provider, a vulnerable LiteLLM instance on port 4000, and an optional fixed instance on port 4001; `litellm_config.yaml` enables JWT auth and points LiteLLM at the mock OIDC userinfo endpoint; the Dockerfiles pin vulnerable/fixed LiteLLM versions and patch enterprise checks for local reproduction. Main exploit capability: network-based auth bypass and privilege escalation via cache-key collision, not code execution. The exploit sends HTTP GET requests to LiteLLM `/user/info` with crafted bearer tokens after obtaining them from the mock OIDC `/token` endpoint. Success is determined by whether the attacker request receives `user_id=admin` or equivalent admin claims. The repository also includes a fixed-version comparison path showing that sha256-based cache keys prevent the collision.