NVD HIGH: CVE-2026-42203 — LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) fo...
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any
CVE-2026-42203
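A defender-side check for the issue described above, as an added example that is not part of the advisory or of LiteLLM's own code: it tests a version string against the stated affected range and counts POST /prompts/test requests per client in proxy access logs. The uvicorn-style log line format, the conservative handling of pre-release tags, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Affected range from the advisory: 1.80.5 <= version < 1.83.7
FIRST_AFFECTED, FIRST_FIXED = (1, 80, 5), (1, 83, 7)
_VERSION = re.compile(r"\s*v?(\d+)\.(\d+)\.(\d+)(.*)")
_PRERELEASE = re.compile(r"rc|dev|alpha|beta", re.I)

def is_affected(version):
    """True if a LiteLLM version string falls inside the advisory's range."""
    m = _VERSION.match(version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    core = tuple(int(p) for p in m.groups()[:3])
    # Assumption (conservative): a pre-release of the first fixed version
    # is not trusted to contain the fix.
    if core == FIRST_FIXED and _PRERELEASE.search(m.group(4)):
        return True
    return FIRST_AFFECTED <= core < FIRST_FIXED

# Assumed uvicorn-style access line: INFO: <ip>:<port> - "<METHOD> <path> HTTP/x" <status>
_ACCESS = re.compile(
    r'(?P<ip>\S+):\d+ - "POST /prompts/test/?(?:\?\S*)? HTTP/[\d.]+" (?P<status>\d{3})'
)

def prompt_test_hits(lines):
    """Count POST /prompts/test requests per (client, HTTP status)."""
    hits = Counter()
    for line in lines:
        m = _ACCESS.search(line)
        if m:
            hits[(m.group("ip"), int(m.group("status")))] += 1
    return hits

# Constructed sample log lines (not from a real deployment).
SAMPLE_LOG = [
    'INFO:     10.0.0.5:51234 - "POST /chat/completions HTTP/1.1" 200 OK',
    'INFO:     203.0.113.7:40022 - "POST /prompts/test HTTP/1.1" 401 Unauthorized',
    'INFO:     203.0.113.7:40023 - "POST /prompts/test HTTP/1.1" 200 OK',
    'INFO:     203.0.113.7:40031 - "POST /prompts/test?debug=1 HTTP/1.1" 200 OK',
    'INFO:     10.0.0.9:51300 - "GET /prompts/test HTTP/1.1" 405 Method Not Allowed',
    'INFO:     10.0.0.9:51301 - "POST /prompts/testing HTTP/1.1" 404 Not Found',
]

if __name__ == "__main__":
    for v in ("1.80.4", "1.80.5", "1.83.6", "1.83.7rc1", "1.83.7"):
        print(v, "affected" if is_affected(v) else "not affected")
    for (ip, status), n in sorted(prompt_test_hits(SAMPLE_LOG).items()):
        print(f"{ip} status={status} count={n}")
```

Versions are compared as integer tuples, so a release such as 1.100.0 is not mistaken for one below 1.83.7 the way a string comparison would.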