LiteLLM
- CISA flags LiteLLM flaw as exploited in the wild
  CISA said a high-severity LiteLLM command injection flaw is being actively exploited. The bug can let authenticated users run commands on the host, and researchers warned it may be chained with a Starlette issue for unauthenticated access.
- LiteLLM flaw exploited within 36 hours of public disclosure
  LiteLLM’s CVE-2026-42208 SQL injection was exploited within 36 hours of disclosure, with attackers targeting database tables that store provider keys and runtime settings. The flaw affects versions 1.81.16 through 1.83.6.


