Critical SQL injection vulnerability in LiteLLM proxy server allowing unauthenticated attackers to read/modify database contents including API keys and credentials. Actively exploited within 36 hours of disclosure and added to CISA KEV catalog.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2026-05-08
Added to CISA KEV: 2026-05-08 (0 days between CVE publication and KEV addition)
Critical vulnerability CVE-2026-42208 exposes LiteLLM to pre-auth SQL injection, enabling attackers to extract API keys and credentials. CVE-2026-42208 exists within the proxy verification step. In affected versions (>= 1.81.16, < 1.83.7), the Bearer value is concatenated directly into a SELECT against the LiteLLM_VerificationToken table without parameter binding. A single quote allows an attacker to escape the string literal and append arbitrary SQL. Sysdig analysis reveals targeted exploitation within 36 hours of disclosure.
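The defect described above (a bearer value spliced into the SQL text) next to the parameter-bound form that fixes it, as an added illustration that is not LiteLLM's own code. The table layout, column names, the sqlite3 in-memory database standing in for the production database, the sample tokens and the malformed bearer value are all constructed for this example.

```python
import re
import sqlite3

# Constructed sample rows for a stand-in token table. The column names are an
# assumption for this illustration, not LiteLLM's real schema.
SAMPLE_TOKENS = [
    ("sk-demo-token-1", "team-a"),
    ("sk-demo-token-2", "team-b"),
]

# Assumed token alphabet used as a defense-in-depth check before any lookup.
TOKEN_PATTERN = re.compile(r"^[A-Za-z0-9_-]{8,128}$")


def make_db() -> sqlite3.Connection:
    """Build an in-memory stand-in for the LiteLLM_VerificationToken table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE LiteLLM_VerificationToken (token TEXT PRIMARY KEY, team_id TEXT)"
    )
    conn.executemany("INSERT INTO LiteLLM_VerificationToken VALUES (?, ?)", SAMPLE_TOKENS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, bearer: str):
    """The pattern the advisory describes: the Bearer value becomes part of the SQL text.

    A single quote inside the value terminates the string literal, so whatever follows
    it is parsed as SQL rather than compared as data.
    """
    sql = f"SELECT token, team_id FROM LiteLLM_VerificationToken WHERE token = '{bearer}'"
    return conn.execute(sql).fetchone()


def lookup_hardened(conn: sqlite3.Connection, bearer: str):
    """Parameter binding: the value travels separately from the statement and is
    only ever compared, never parsed. Quotes in the value are just characters."""
    sql = "SELECT token, team_id FROM LiteLLM_VerificationToken WHERE token = ?"
    return conn.execute(sql, (bearer,)).fetchone()


def is_well_formed_token(bearer: str) -> bool:
    """Cheap pre-check: reject values outside the expected token alphabet before they
    reach the database at all. Not a substitute for binding, but it shrinks the surface."""
    return bool(TOKEN_PATTERN.match(bearer))


def demo() -> dict:
    """Run both lookups against a valid token and a constructed malformed bearer value."""
    conn = make_db()
    valid = "sk-demo-token-1"
    # Constructed malformed value: the quote closes the literal and the remainder is
    # appended to the query, which is exactly the failure mode the advisory names.
    malformed = "x' OR '1'='1"
    return {
        "vuln_valid": lookup_vulnerable(conn, valid),
        "vuln_malformed": lookup_vulnerable(conn, malformed),
        "safe_valid": lookup_hardened(conn, valid),
        "safe_malformed": lookup_hardened(conn, malformed),
        "malformed_passes_precheck": is_well_formed_token(malformed),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The concatenated lookup returns a row for a value that is not a real token, because the database evaluated the appended clause; the bound lookup returns nothing for the same input. Any token verification path that can be reached before authentication should use the bound form, and the character-class pre-check gives an early rejection point that also makes malformed bearer values easy to log and alert on.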
CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise. The vulnerability, tracked as CVE-2026-42208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying LiteLLM proxy database. While the vulnerability was addressed in version 1.83.7-stable released on April 19, 2026, the first exploitation attempt was recorded on April 26 at 16:17 UTC, roughly 26 hours and seven minutes after the GitHub advisory was indexed in the global GitHub Advisory Database. The SQL injection activity, per Sysdig, originated from the IP address 65.111.27[.]132.
CVE-2026-42208, BerriAI LiteLLM SQL Injection Vulnerability: BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from ... For the benefit of the cybersecurity community and network defenders, and to help every organization better manage vulnerabilities and keep pace with threat activity, CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
This CVE is in CISA's Known Exploited Vulnerabilities Catalog: BerriAI LiteLLM SQL Injection Vulnerability, listed with the dates 05/08/2026 and 05/11/2026.