Critical SQL Injection Flaw in LiteLLM Exploited Within Days of Disclosure
A critical SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in the open-source AI gateway LiteLLM was exploited just 36 hours after public disclosure, allowing attackers to access sensitive database tables, according to a report by Sysdig.
The flaw stemmed from improper handling of user-supplied values during API key verification, where the input was directly included in database queries rather than passed as a separate parameter. This enabled unauthenticated attackers to craft malicious Authorization headers, bypassing authentication entirely and accessing the proxy’s database via error-handling paths. Successful exploitation could expose or modify stored credentials, including API keys, provider credentials, and environment variable configurations.
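The defect described above, as an added example that is not LiteLLM's own code: an API-key lookup that interpolates the Authorization header value into the query text, beside the parameterized form and an error handler that returns a generic failure instead of the driver's message. The table name, columns and the sqlite3 stand-in for PostgreSQL are assumptions made for this illustration.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the proxy's key table (sqlite3 instead
    # of PostgreSQL so the example runs offline; schema is assumed, not LiteLLM's).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_keys (token TEXT PRIMARY KEY, user_id TEXT)")
    conn.execute("INSERT INTO api_keys VALUES ('sk-valid-key', 'alice')")
    conn.commit()
    return conn


def extract_bearer(authorization: str) -> str:
    """Return the token part of an 'Authorization: Bearer <token>' header."""
    scheme, _, token = authorization.partition(" ")
    return token.strip() if scheme.lower() == "bearer" else ""


def lookup_key_vulnerable(conn, authorization: str):
    # BAD: the header value becomes part of the SQL text, so any quote or SQL
    # syntax in the header is parsed as part of the query.
    token = extract_bearer(authorization)
    sql = f"SELECT user_id FROM api_keys WHERE token = '{token}'"
    return conn.execute(sql).fetchone()


def lookup_key_fixed(conn, authorization: str):
    # GOOD: the token is bound as a query parameter and is never parsed as SQL.
    token = extract_bearer(authorization)
    sql = "SELECT user_id FROM api_keys WHERE token = ?"
    return conn.execute(sql, (token,)).fetchone()


def vulnerable_raises(conn, authorization: str) -> bool:
    """True if the interpolating lookup turns the header into a database error."""
    try:
        lookup_key_vulnerable(conn, authorization)
        return False
    except sqlite3.Error:
        return True


def verify_request(conn, authorization: str) -> dict:
    """Authenticate with the parameterized lookup; on any database error return
    a generic 401 so query text and schema details never reach the caller."""
    try:
        row = lookup_key_fixed(conn, authorization)
    except sqlite3.Error:
        return {"status": 401, "detail": "authentication failed"}
    if row is None:
        return {"status": 401, "detail": "authentication failed"}
    return {"status": 200, "user_id": row[0]}
```

A header carrying a stray quote makes the interpolating lookup raise a driver error (the kind of detail an error path can leak), while the parameterized lookup simply treats it as a non-matching token.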
LiteLLM’s maintainers addressed the issue in version 1.83.7, released following an April 20 advisory. By April 24 the vulnerability had been indexed in GitHub’s advisory database, and attacks were detected shortly afterward. Sysdig observed automated exploitation attempts targeting three specific PostgreSQL tables, with attackers using column-count discovery techniques to enumerate the database schema. The attempts, spaced 21 minutes apart, rotated origin IP addresses but showed no signs of the extracted credentials being abused afterwards.
While the attacks demonstrated precision in schema enumeration, Sysdig noted no confirmed data compromise. Users were urged to update to the patched version or disable error logs to mitigate the risk.
Source: https://www.securityweek.com/fresh-litellm-vulnerability-exploited-shortly-after-disclosure/
LiteLLM cybersecurity rating report: https://www.rankiteo.com/company/litellm