LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

Staff Editor 2026-04-29
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

https://thehackernews.com/2026/04/litellm-cve-2026-42208-sql-injection.html

Publish Date: 2026-04-29 01:34:00

Source Domain: thehackernews.com

Ravie LakshmananApr 29, 2026Vulnerability / Cloud Security

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI’s LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge.

The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying LiteLLM proxy database.

“A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter,” LiteLLM maintainers said in an alert last week.

“An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example, POST /chat/completions) and reach this query through the proxy’s error-handling path. An attacker could read data from the proxy’s database and may be able to modify it, leading to unauthorized access to the proxy and the credentials it manages.”

The shortcoming affects the following versions –

While the vulnerability was addressed in version 1.83.7-stable released on April 19, 2026, the first exploitation attempt was recorded on April 26 at 16:17 UTC, roughly 26 hours and seven minutes after the GitHub advisory was indexed in the global GitHub Advisory Database. The SQL injection activity, per Sysdig, originated from the IP address 65.111.27[.]132.

“Malicious activity fell into two phases driven by the same operator across two adjacent egress IPs, followed by a brief unauthenticated probe of the key-management endpoints,” security researcher Michael Clark said.

Specifically, the unknown threat actor is said to have targeted database tables like “litellm_credentials.credential_values” and “litellm_config” that hold information related to upstream large language model (LLM) provider keys and the proxy runtime environment. No probes were observed against tables like…

Source

More Stories

Diaspo #444: From supercomputers to cybersecurity, Asmae Mhassni’s unconventional path

Diaspo #444: From supercomputers to cybersecurity, Asmae Mhassni’s unconventional path

Staff Editor 2026-06-06
Opal Security Raises Million for AI-Native Identity Governance

Opal Security Raises $23 Million for AI-Native Identity Governance

Staff Editor 2026-06-06
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI

Staff Editor 2026-06-06

Terms and Conditions - Privacy Policy