CVEFinder.io

CVE-2026-42208

⛔ critical
Description

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.

CVSS Score
9.8
Critical
EPSS Score
37.4
Exploit Probability
Published Date
2026-05-08
First Seen: 2026-05-10
📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.5% of all 328,009 vulnerabilities in our database.

#31,168
Top 10% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: May 8, 2026
🔍 Exploitation Status
Active
Exploits detected in the wild
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-05-08
Source NVD
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)

📦 Affected Products 1

🔗 References 3

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-47101 ⚠️ high 8.8 0.5 LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role ... 2026-05-21
CVE-2026-47102 ⚠️ high 8.8 0.4 LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint c... 2026-05-21
CVE-2026-42271 ⚠️ high 8.8 53.7 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before vers... 2026-05-08
CVE-2026-40217 ⚠️ high 8.8 0.2 LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/t... 2026-04-10
CVE-2026-35029 ⚠️ high 8.8 0.2 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/updat... 2026-04-06
CVE-2026-35030 ⛔ critical 9.1 0.1 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authenti... 2026-04-06
These CVEs affect the same products