CVE-2026-42208

NVD data not available for this CVE. It may be pending analysis or not yet published.

Related Intelligence (2)

NVD CRITICAL: CVE-2026-42208 — LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) fo...

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example

CVE-2026-42208

May 8, 2026NIST NVD

HIGHVulnerability

CISA KEV: BerriAI LiteLLM — BerriAI LiteLLM SQL Injection Vulnerability

BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorised access to the proxy and the credentials it manages.

CVE-2026-42208BerriAI LiteLLM

May 8, 2026CISA KEV