CVE-2026-42208

CRITICAL KEV

LiteLLM: SQL injection in Proxy API key verification

Title source: cna

Description

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.

References (2)

Core 2

Core References

X_Refsource_Confirm x_refsource_confirm

https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc

X_Refsource_Misc x_refsource_misc

https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable

Scores

CVSS v4 9.3

EPSS 0.0008

EPSS Percentile 24.3%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2026-05-08

VulnCheck KEV 2026-04-27

CWE

CWE-89

Status published

Products (1)

BerriAI/litellm >= 1.81.16, < 1.83.7

Published May 08, 2026

KEV Added May 08, 2026

Tracked Since May 08, 2026