Perceptive Security
SOC/SIEM Consultancy

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
Published:
29 April 2026 at 05:34:00
Alert date:
29 April 2026 at 06:00:51
Source:
thehackernews.com
Supply Chain & Dependencies, Database & Storage, Zero-Day Vulnerabilities, Emerging Technologies
A critical SQL injection vulnerability (CVE-2026-42208) in BerriAI's LiteLLM Python package was exploited in the wild within 36 hours of public disclosure. The flaw has a CVSS score of 9.3 and allows attackers to modify the underlying database through SQL injection. This is another case of threat actors rapidly exploiting newly disclosed vulnerabilities. The vulnerability affects the LiteLLM Python package used in AI/ML applications. The short exploitation timeline underlines the need for rapid patching of critical vulnerabilities in widely used software components.
Technical details
SQL injection vulnerability in BerriAI's LiteLLM Python package: a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route and reach this query through the proxy's error-handling path. The vulnerability allows attackers to read, and potentially modify, data in the proxy's database, leading to unauthorized access to the proxy and the credentials it manages. Attackers targeted specific database tables, including 'litellm_credentials.credential_values' and 'litellm_config', which hold upstream LLM provider keys and proxy runtime environment information.
Mitigation steps:
Users should patch their instances to version 1.83.7-stable or later. If immediate patching is not possible, set 'disable_error_logs: true' under 'general_settings' to remove the path through which untrusted input reaches the vulnerable query. Monitor for unauthorized access to LLM provider credentials and database modifications.
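To show the defect class described under Technical details, here is an added illustration (not LiteLLM's code; the table name, columns and key values are constructed stand-ins): a key lookup that splices the Authorization header value into the SQL text, beside the parameterized form that treats it strictly as data. A regression test like this is what a defender would want in the proxy's test suite.

```python
import sqlite3

# Constructed in-memory stand-in for a proxy key table (not LiteLLM's real schema).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE verification_token (token TEXT PRIMARY KEY, user_id TEXT, spend REAL)"
    )
    conn.execute("INSERT INTO verification_token VALUES ('sk-valid-0001', 'alice', 0.0)")
    conn.commit()
    return conn

def bearer_to_key(authorization: str) -> str:
    # Strip the scheme the way an API-key check does before the database lookup.
    scheme, _, value = authorization.partition(" ")
    if scheme.lower() != "bearer" or not value:
        raise ValueError("malformed Authorization header")
    return value

def lookup_key_vulnerable(conn: sqlite3.Connection, api_key: str):
    # Anti-pattern: the caller-supplied value becomes part of the SQL text.
    sql = f"SELECT token, user_id FROM verification_token WHERE token = '{api_key}'"
    return conn.execute(sql).fetchone()

def lookup_key_parameterized(conn: sqlite3.Connection, api_key: str):
    # Fix: the value is bound as a parameter, so quote characters stay data.
    sql = "SELECT token, user_id FROM verification_token WHERE token = ?"
    return conn.execute(sql, (api_key,)).fetchone()

def regression_check() -> dict:
    """Run both lookups against a valid key and a constructed quote-bearing key."""
    conn = build_db()
    valid = bearer_to_key("Bearer sk-valid-0001")
    # Constructed probe: not in the table, but carries a quote and a tautology.
    probe = bearer_to_key("Bearer sk-nope' OR '1'='1")
    return {
        "valid_vuln": lookup_key_vulnerable(conn, valid),
        "valid_param": lookup_key_parameterized(conn, valid),
        # Vulnerable form returns a row the key does not own.
        "probe_vuln": lookup_key_vulnerable(conn, probe),
        # Parameterized form returns None: the probe is compared as a literal.
        "probe_param": lookup_key_parameterized(conn, probe),
    }

if __name__ == "__main__":
    for name, row in regression_check().items():
        print(f"{name}: {row}")
```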
Affected products:
BerriAI LiteLLM Python package versions >=1.81.16 and <1.83.7
Related links:
https://github.com/BerriAI/litellm
https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc
https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable
https://www.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure
https://thehackernews.com/2026/03/teampcp-backdoors-litellm-versions.html
https://thehackernews.com/2026/04/lmdeploy-cve-2026-33626-flaw-exploited.html
Related CVEs:
Related threat actors:
IOCs:
65.111.27.132, 65.111.25.67
This article was created with the assistance of AI technology by Perceptive.
