CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2026-42208 — LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) fo...

·Source: NIST NVD

Updated:

Executive Summary

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example

Analysis

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7. CVSS Score: 9.8. Published: 2026-05-08T04:16:19.923.

Indicators of Compromise (1)

CVE (1)
CVE-2026-42208
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on May 8, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerability

Texas sues Netflix over alleged data practices that create ‘surveillance machinery’ without user consent

In addition to fines, Texas is asking a judge to prevent Netflix from illegally collecting and sharing user data and to mandate that the company no longer use autoplay by default on kids’ profiles.

The Record
CRITICALVulnerability

cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor

A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager (WHM) that could result in an authentication bypass and allow remote attackers to gain elevated control of the control

CVE-2026-41940
The Hacker News
MEDIUMVulnerability

Visa unveils Tap to Confirm tech

Visa has introduced technology lets people verify their identity or activate a new card by tapping their physical card to their mobile inside the issuer’s banking app.

Finextra