
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Published:

28 April 2026 at 21:07:23

Alert date:

28 April 2026 at 22:01:03

Source:

bleepingcomputer.com


Web Technologies, Database & Storage, Supply Chain & Dependencies

Hackers are actively exploiting a critical pre-authentication SQL injection vulnerability in LiteLLM, an open-source large language model gateway. The vulnerability is tracked as CVE-2026-42208 and allows unauthenticated attackers to reach sensitive information stored in the LiteLLM database. Because the gateway typically holds the credentials used to reach upstream LLM providers, active exploitation of this flaw poses a significant risk to organizations that route their LLM traffic through it.

Technical details

The flaw is a SQL injection in LiteLLM's proxy API key verification step. It can be exploited without authentication by sending a specially crafted Authorization header to any LLM API route, and it allows reading and modifying data in the proxy's database. Attackers targeted the '/chat/completions' endpoint with malicious 'Authorization: Bearer' headers to query tables containing API keys, provider credentials, environment data and configs. The root cause was string concatenation of the header value into the query instead of a parameterized query.
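The following is an added example and is not LiteLLM's own code or schema: it contrasts the pattern the advisory describes (a bearer token concatenated into the SQL text of a key lookup) with the parameterized form, against a constructed in-memory SQLite table. The table name `virtual_keys`, its columns, the function names and the sample tokens are all assumptions made for this example.

```python
import sqlite3

# Constructed in-memory stand-in for a gateway's virtual-key table.
# Schema, table name and sample rows are assumptions for this example;
# none of this is LiteLLM's code or data model.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, owner TEXT, spend REAL)"
    )
    conn.executemany(
        "INSERT INTO virtual_keys VALUES (?, ?, ?)",
        [("sk-alice-1234", "alice", 0.0), ("sk-bob-5678", "bob", 12.5)],
    )
    conn.commit()
    return conn


def bearer_token(authorization_header: str) -> str:
    """Return the token part of an 'Authorization: Bearer <token>' value."""
    scheme, _, token = authorization_header.strip().partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise ValueError("expected 'Bearer <token>'")
    return token.strip()


def lookup_owner_vulnerable(conn: sqlite3.Connection, authorization_header: str) -> list:
    """The anti-pattern the advisory describes: the header value is pasted into
    the SQL text, so it can change the query instead of merely being compared."""
    token = bearer_token(authorization_header)
    sql = "SELECT owner FROM virtual_keys WHERE token = '" + token + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_owner_parameterized(conn: sqlite3.Connection, authorization_header: str) -> list:
    """The fix: the token is bound as a query parameter and is only ever treated
    as data, whatever characters it contains."""
    token = bearer_token(authorization_header)
    rows = conn.execute("SELECT owner FROM virtual_keys WHERE token = ?", (token,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = build_db()
    legit = "Bearer sk-alice-1234"
    crafted = "Bearer x' OR '1'='1"  # constructed tautology, not a real key
    print("legit, concatenated:   ", lookup_owner_vulnerable(db, legit))
    print("legit, parameterized:  ", lookup_owner_parameterized(db, legit))
    print("crafted, concatenated: ", lookup_owner_vulnerable(db, crafted))    # every owner
    print("crafted, parameterized:", lookup_owner_parameterized(db, crafted))  # []
```

With the legitimate token both lookups agree. With the crafted header the concatenated query's WHERE clause is rewritten to a tautology and returns every row, which is exactly the class of behaviour the advisory reports (the key table being read through the verification step), while the parameterized query compares the whole string as an opaque value and matches nothing. The parameterized form is the mitigation a code review should insist on wherever a request header reaches the database.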

Mitigation steps:

Upgrade to LiteLLM version 1.83.7 or later. If upgrading is not possible, set 'disable_error_logs: true' under 'general_settings' as a workaround. Treat internet-exposed LiteLLM instances that ran a vulnerable version as potentially compromised, and rotate all virtual API keys, master keys and provider credentials stored in them.

Affected products:

LiteLLM versions prior to 1.83.7

Related links:

Related CVEs:

Related threat actors:

IOCs:

Malicious requests to the '/chat/completions' endpoint; crafted 'Authorization: Bearer' headers targeting database tables; SQL injection payloads targeting API key and credential tables.
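The indicators above describe request shapes rather than fixed values, so a defender triaging an exposed instance has to look at the bearer tokens the proxy actually received. The script below is an added example (not from Perceptive, BleepingComputer or the LiteLLM project) that runs that triage over constructed access-log lines: any bearer token that falls outside a plain key alphabet is flagged, with SQL metacharacters and keywords called out explicitly, and hits are counted per source address. The log line layout, the allowed key alphabet and the sample addresses are assumptions for this example; adapt the regular expressions to the log format of the deployment being reviewed.

```python
import re
from dataclasses import dataclass

# Constructed sample access log. The field layout is an assumption for this
# example and is not a real LiteLLM log format; addresses are documentation
# ranges and the two flagged tokens are illustrative, not observed IOCs.
SAMPLE_LOG = """\
2026-04-28T21:07:23Z 198.51.100.7 POST /chat/completions authorization="Bearer sk-valid-key-0001" 200
2026-04-28T21:08:01Z 203.0.113.5 POST /chat/completions authorization="Bearer x' OR '1'='1" 200
2026-04-28T21:08:15Z 203.0.113.5 POST /chat/completions authorization="Bearer sk-x' OR 1=1--" 500
2026-04-28T21:09:42Z 198.51.100.9 GET /health authorization="Bearer sk-valid-key-0002" 200
2026-04-28T21:10:05Z 192.0.2.33 POST /embeddings authorization="Bearer sk-valid-key-0003" 200
"""

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) '
    r'authorization="(?P<auth>[^"]*)" (?P<status>\d+)$'
)

# Assumption: a legitimate key is made only of these characters. Anything
# else in a bearer token is worth a look, whether or not it is SQL.
TOKEN_ALLOWLIST = re.compile(r"^[A-Za-z0-9_.\-]+$")

# Characters and keywords that indicate the token is trying to alter a query.
SQLI_HINTS = re.compile(r"('|--|;|/\*|\*/|\b(?:or|and|union|select)\b)", re.IGNORECASE)


@dataclass
class Finding:
    timestamp: str
    client_ip: str
    path: str
    token: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per request whose bearer token looks malformed."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        scheme, _, token = m["auth"].partition(" ")
        if scheme.lower() != "bearer":
            continue
        if TOKEN_ALLOWLIST.match(token):
            continue  # ordinary key material, nothing to report
        hint = SQLI_HINTS.search(token)
        reason = (
            f"SQL metacharacter or keyword {hint.group(0)!r} in bearer token"
            if hint
            else "bearer token contains characters outside the expected key alphabet"
        )
        findings.append(Finding(m["ts"], m["ip"], m["path"], token, reason))
    return findings


def source_counts(findings: list[Finding]) -> dict:
    """Count flagged requests per client address to see who is probing."""
    counts: dict = {}
    for f in findings:
        counts[f.client_ip] = counts.get(f.client_ip, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"{h.timestamp} {h.client_ip} {h.path}: {h.reason}")
    print("per-source:", source_counts(hits))
```

Both flagged requests in the sample come from one address and hit '/chat/completions', matching the pattern in the IOC list. Any hit on a vulnerable version should be read the way the mitigation section says: treat the instance as compromised and rotate the keys and provider credentials it held, since the advisory states the flaw allowed those tables to be read.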

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
