🔴 CVE-2026-42208

Critical SQL injection vulnerability in LiteLLM proxy server allowing unauthenticated attackers to read/modify database contents including API keys and credentials. Actively exploited within 36 hours of disclosure and added to CISA KEV catalog.

Risk Level: HIGH_RISK
CVSS Score: 9.3
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 — Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2026-05-08

Added to CISA KEV: 2026-05-08 (0 days between CVE publication and KEV listing)

🌐 Internet Exposure (Shodan): 69k+ internet-facing instances
Query: http.title:"LiteLLM"
May include LiteLLM instances not running as proxy servers or running patched versions outside the vulnerable range
Checked: 2026-06-04

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-05-09)

CVE-2026-42208, a SQL injection in BerriAI LiteLLM, was actively exploited in the wild shortly after its disclosure [1][2].

Here's a breakdown of what is known about its exploitation:

  • Internet-Facing Applications/Services: The flaw sits in the proxy's key-verification step, the code path that checks the Bearer token on every inbound request [1]. Any LiteLLM proxy reachable from the internet therefore exposes the vulnerable code before any authentication succeeds, and the database that step queries holds the API keys and credentials the injection can read [1].
  • Evidence of Active Exploitation: CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on the basis of observed exploitation [4]. Exploitation attempts were recorded as early as April 26, 2026, approximately 26 hours after the advisory was indexed [2].
  • Attack Vectors and Exploitation Methods: The flaw is a pre-authentication SQL injection [1]. The value sent after "Bearer" in the Authorization header is concatenated directly into a SQL query without parameter binding, so an attacker who closes the string literal with a single quote can append arbitrary SQL [1]. No valid key is required. The query runs against the LiteLLM database, so the attacker can read its contents, including API keys and credentials [1], and, per [2], modify the proxy database.
  • Targeted Attacks: Sysdig's analysis describes the exploitation it observed as targeted and places it within 36 hours of disclosure [1].
  • CISA Known Exploited Vulnerabilities Status: CVE-2026-42208 is listed in CISA's KEV Catalog [3][5]. The catalog is an authoritative record of vulnerabilities exploited in the wild, and organizations are advised to use it to prioritize remediation [3].
  • Technical Details about Internet Exploitability: Affected versions are `>= 1.81.16` and `< 1.83.7` [1]. In those versions the Bearer value is concatenated into a `SELECT` against the `LiteLLM_VerificationToken` table without parameter binding [1]; the resulting injection permits unauthorized reads from the database, including extraction of stored credentials [1]. The fix shipped in version `1.83.7-stable` [2].
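The bug class behind the bullets above, reduced to runnable form as an added example. This is not LiteLLM's code: the table columns, the access-log format and every sample value are constructed for the illustration; only the table name `LiteLLM_VerificationToken`, the affected version range and the Bearer-concatenation pattern come from the advisory text. The block shows three things a practitioner wants at hand: an affected-version check, the concatenated lookup beside its parameterized form so the injection succeeds against one and not the other, and a small check over log lines for Bearer values that no legitimate API key would contain.

```python
import re
import sqlite3

# Affected range from the advisory: >= 1.81.16 and < 1.83.7 (fixed in 1.83.7-stable).
AFFECTED_MIN = (1, 81, 16)
FIXED = (1, 83, 7)


def parse_version(version: str) -> tuple:
    """'1.83.7-stable' -> (1, 83, 7). Suffixes after '-' or '+' are ignored."""
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    return tuple(int(p) for p in core.split(".")[:3])


def is_affected(version: str) -> bool:
    """True when the version falls inside the advisory's vulnerable range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def make_demo_db() -> sqlite3.Connection:
    """Constructed stand-in for the LiteLLM_VerificationToken table (assumed columns, not LiteLLM's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE LiteLLM_VerificationToken (token TEXT PRIMARY KEY, user_id TEXT, spend REAL)"
    )
    conn.executemany(
        "INSERT INTO LiteLLM_VerificationToken VALUES (?, ?, ?)",
        [("hash-of-key-alice", "alice", 1.5), ("hash-of-key-bob", "bob", 0.0)],
    )
    return conn


def lookup_token_vulnerable(conn, bearer: str) -> list:
    """Vulnerable pattern: the Bearer value is spliced into the SQL text itself."""
    sql = "SELECT token, user_id FROM LiteLLM_VerificationToken WHERE token = '" + bearer + "'"
    return conn.execute(sql).fetchall()


def lookup_token_fixed(conn, bearer: str) -> list:
    """Hardened pattern: the Bearer value travels as a bound parameter, never as SQL."""
    sql = "SELECT token, user_id FROM LiteLLM_VerificationToken WHERE token = ?"
    return conn.execute(sql, (bearer,)).fetchall()


# Closes the string literal, then appends a tautology so every row matches.
INJECTION = "x' OR '1'='1"


def demo_injection() -> dict:
    """Same payload against both lookups: the concatenated one leaks every stored key hash."""
    conn = make_demo_db()
    return {
        "legit": lookup_token_vulnerable(conn, "hash-of-key-alice"),
        "injected": lookup_token_vulnerable(conn, INJECTION),
        "fixed": lookup_token_fixed(conn, INJECTION),
    }


# Assumed log format for the demo; real proxy logs will need a different regex.
BEARER_RE = re.compile(r'authorization="Bearer ([^"]*)"')
SQLI_MARKERS = ("'", '"', "--", "/*", ";", " or ", " union ", " select ")


def suspicious_bearer(value: str) -> bool:
    """A well-formed API key never carries quotes, comment openers or SQL keywords."""
    v = value.lower()
    return any(marker in v for marker in SQLI_MARKERS)


# Constructed access-log lines; the second one carries the injection payload.
SAMPLE_LOG = [
    'POST /chat/completions authorization="Bearer sk-1234abcd" status=200',
    'POST /chat/completions authorization="Bearer x\' OR \'1\'=\'1" status=200',
    'GET /health authorization="Bearer sk-deadbeef" status=200',
]


def flag_log_lines(lines) -> list:
    """Return the lines whose Bearer value looks like an injection attempt."""
    flagged = []
    for line in lines:
        match = BEARER_RE.search(line)
        if match and suspicious_bearer(match.group(1)):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    print("1.83.6 affected:", is_affected("1.83.6"))
    print("1.83.7-stable affected:", is_affected("1.83.7-stable"))
    print(demo_injection())
    print(flag_log_lines(SAMPLE_LOG))
```

Python's `sqlite3.execute()` refuses stacked statements, so the demo shows only the read primitive; a driver that accepts `;`-separated statements turns the same concatenation into the ability to modify rows, which is the "modify" in the summary at the top of this page. The log check is a coarse triage filter, not a detection signature: it tells you where to look in traffic that predates the upgrade, and the upgrade to 1.83.7 or later remains the fix.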

Sources

  1. CVE-2026-42208: Targeted SQL injection against... | Sysdig

    Critical vulnerability CVE-2026-42208 exposes LiteLLM to pre-auth SQL injection, enabling attackers to extract API keys and credentials. CVE-2026-42208 exists within the proxy verification step. In affected versions (>= 1.81.16, < 1.83.7), the Bearer value is concatenated directly into a SELECT again…

  2. LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of ...

    CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise. ... The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying LiteLLM proxy database. While the vulnerabil…

  3. Known Exploited Vulnerabilities Catalog | CISA

    CVE-2026-42208. BerriAI LiteLLM SQL Injection Vulnerability: BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from ... ... For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and…

  4. CISA Adds One Known Exploited Vulnerability to Catalog | CISA

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  5. CVE-2026-42208 Detail - NVD

    This CVE is in CISA's Known Exploited Vulnerabilities Catalog ; BerriAI LiteLLM SQL Injection Vulnerability, 05/08/2026, 05/11/2026 ...