CVE-2026-42208
Description
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.
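The description above names the bug class (caller-supplied key interpolated into SQL text instead of bound as a parameter) without showing the query. The following is an added, constructed model of that class, not LiteLLM's code, schema or the actual query: the table names, column names, seed rows and the `bearer_token`/`lookup_key_*` helpers are all assumptions made for illustration, and the crafted headers are generic injection shapes, not recorded exploit payloads. It runs against an in-memory SQLite database so the vulnerable and hardened lookups can be compared side by side.

```python
"""Constructed model of the bug class behind CVE-2026-42208.

Not LiteLLM's own code: the schema, seed data and function names below are
assumed for illustration only.
"""
import sqlite3

# Assumed schema standing in for a proxy's key table and a table of stored
# provider credentials; nothing here is taken from the real project.
SCHEMA = """
CREATE TABLE virtual_keys (
    token   TEXT PRIMARY KEY,
    user_id TEXT NOT NULL,
    models  TEXT NOT NULL
);
CREATE TABLE provider_credentials (
    name  TEXT PRIMARY KEY,
    value TEXT NOT NULL
);
"""
# Constructed sample rows.
SEED_KEYS = [
    ("sk-valid-key-1", "alice", "gpt-4o"),
    ("sk-valid-key-2", "bob", "claude-3-5-sonnet"),
]
SEED_CREDS = [("openai", "sk-live-constructed-secret")]


def new_db():
    """Fresh in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO virtual_keys VALUES (?, ?, ?)", SEED_KEYS)
    conn.executemany("INSERT INTO provider_credentials VALUES (?, ?)", SEED_CREDS)
    return conn


def bearer_token(authorization_header):
    """Return the token from 'Bearer <token>', or None if the header is unusable."""
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def lookup_key_vulnerable(conn, authorization_header):
    """The flawed pattern: the attacker-controlled token becomes part of the
    SQL text, so quotes in it change the structure of the query."""
    token = bearer_token(authorization_header)
    if token is None:
        return None
    sql = f"SELECT token, user_id, models FROM virtual_keys WHERE token = '{token}'"
    rows = conn.execute(sql).fetchall()
    return rows[0] if rows else None  # first matching row is treated as "the" key


def lookup_key_fixed(conn, authorization_header):
    """Hardened form: the token is bound as a parameter and can only ever be
    compared as data, never parsed as SQL."""
    token = bearer_token(authorization_header)
    if token is None:
        return None
    sql = "SELECT token, user_id, models FROM virtual_keys WHERE token = ?"
    rows = conn.execute(sql, (token,)).fetchall()
    return rows[0] if rows else None


# Constructed headers of the general shape the description refers to.
# Tautology: closes the string literal and makes the WHERE clause match every row.
CRAFTED_TAUTOLOGY = "Bearer ' OR '1'='1"
# UNION: appends rows from another table to the result of the key lookup.
CRAFTED_UNION = "Bearer ' UNION SELECT name, value, '' FROM provider_credentials --"


def demo():
    """Run both lookups against the same crafted input and return the outcomes."""
    conn = new_db()
    return {
        # vulnerable + tautology: any row comes back, i.e. an unauthenticated
        # caller is treated as a valid key holder
        "vulnerable_tautology": lookup_key_vulnerable(conn, CRAFTED_TAUTOLOGY),
        # vulnerable + UNION: data from an unrelated table is read out
        "vulnerable_union": lookup_key_vulnerable(conn, CRAFTED_UNION),
        # hardened: the crafted strings are just tokens that match nothing
        "fixed_tautology": lookup_key_fixed(conn, CRAFTED_TAUTOLOGY),
        "fixed_union": lookup_key_fixed(conn, CRAFTED_UNION),
        # hardened: a real key still resolves
        "fixed_legit": lookup_key_fixed(conn, "Bearer sk-valid-key-2"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:>20}: {result}")
```

The practical check this suggests for any proxy that authenticates requests by database lookup: grep the auth path for f-strings, `%` or `+` building SQL around the header value, and confirm the driver call takes the value as a separate argument. Note that the hardened version is still only as good as the rest of the handler; the description says the vulnerable query was reachable through the error-handling path, so every code path that touches the key, not just the happy path, needs the same treatment.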
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| litellm (PyPI) | >= 1.81.16, < 1.83.7 | 1.83.7 |
Affected products
OSV coordinates (2 version ranges, no CPE assigned):
- range: < 1.83.10.0-r0
- range: >= 1.81.16, < 1.83.7
References
- github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc (Vendor Advisory, Mitigation, Patch; via NVD)
- github.com/advisories/GHSA-r75f-5x8p-qvmc (Advisory; via GHSA)
- nvd.nist.gov/vuln/detail/CVE-2026-42208 (Advisory; via GHSA)
- github.com/BerriAI/litellm/releases/tag/v1.83.7-stable (Release Notes; via NVD)
- www.cisa.gov/known-exploited-vulnerabilities-catalog (US Government Resource; via NVD)
News mentions
- Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more · Rapid7 Blog · Jun 26, 2026
- LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE · The Hacker News · Jun 9, 2026
- Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE & More · The Hacker News · May 4, 2026
- 4th May – Threat Intelligence Report · Check Point Research · May 4, 2026
- Great responsibility, without great power · Cisco Talos Intelligence · Apr 30, 2026
- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure · The Hacker News · Apr 29, 2026
- CISA Adds One Known Exploited Vulnerability to Catalog · CISA Alerts