Database Query Vulnerability in LiteLLM Proxy Server by BerriAI
CVE-2026-42208

9.3 CRITICAL

Key Information:

Vendor: Berriai
Status: Vendor
CVE Published: 8 May 2026

Badges: 📈 Score 322; 👾 Exploit exists; 🟣 EPSS 43%; 🦅 CISA reported; 📰 News worthy

What is CVE-2026-42208?

CVE-2026-42208 is a critical vulnerability in the LiteLLM proxy server developed by BerriAI. LiteLLM acts as an AI gateway that exposes OpenAI-compatible endpoints for calling large language model (LLM) APIs. The flaw is an SQL injection in the proxy's API key validation: in versions 1.81.16 and later, prior to 1.83.7, LiteLLM concatenates the user-supplied API key value into the SQL query text instead of passing it to the database as a bound parameter. An unauthenticated attacker can reach the affected code through the proxy's error-handling routes by sending a crafted Authorization header, and can thereby read data stored in the proxy's database, potentially modify it, and obtain credentials the proxy manages. Version 1.83.7 fixes the issue; operators running an affected version should upgrade promptly.
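The following is an added illustration of the bug class described above, not code from LiteLLM or BerriAI: a key lookup that splices the Authorization header value into the SQL text, beside the parameterized form that removes the problem. The table, column and function names are invented, the sample keys and attacker headers are constructed, and sqlite3 stands in for the proxy's real database.

```python
# Added example (not LiteLLM's own code): string-built key lookup vs. bound parameter.
# Schema, names and sample data are invented; sqlite3 stands in for the real database.
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create an in-memory database holding two constructed API keys."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, user_id TEXT, max_budget REAL)"
    )
    conn.executemany(
        "INSERT INTO virtual_keys VALUES (?, ?, ?)",
        [("sk-alice-0001", "alice", 10.0), ("sk-bob-0002", "bob", 25.0)],
    )
    return conn


def token_from_header(header: str) -> str:
    """Extract the bearer token from an Authorization header value."""
    scheme, _, value = header.partition(" ")
    if scheme.lower() != "bearer" or not value.strip():
        raise ValueError("malformed Authorization header")
    return value.strip()


def lookup_key_vulnerable(conn: sqlite3.Connection, token: str) -> list:
    """Splice the header value into the SQL text (the pattern behind this CVE).

    The database parses whatever the client sent as query syntax, so quotes,
    OR clauses and UNIONs in the header rewrite the query's meaning.
    """
    sql = f"SELECT token, user_id, max_budget FROM virtual_keys WHERE token = '{token}'"
    return conn.execute(sql).fetchall()


def lookup_key_safe(conn: sqlite3.Connection, token: str) -> list:
    """Same lookup with a bound parameter: the value never reaches the SQL parser."""
    sql = "SELECT token, user_id, max_budget FROM virtual_keys WHERE token = ?"
    return conn.execute(sql, (token,)).fetchall()


def demo() -> dict:
    """Run both lookups against a legitimate key and two injected headers."""
    conn = build_db()
    good = token_from_header("Bearer sk-alice-0001")
    # Constructed attacker header 1: a tautology that makes WHERE true for every row.
    dump_all = token_from_header("Bearer x' OR '1'='1")
    # Constructed attacker header 2: a UNION that reads the schema instead of keys;
    # the trailing "--" comments out the closing quote the template appends.
    read_schema = token_from_header(
        "Bearer x' UNION SELECT name, sql, 0 FROM sqlite_master WHERE type='table' --"
    )
    return {
        "good_vuln": lookup_key_vulnerable(conn, good),
        "good_safe": lookup_key_safe(conn, good),
        "dump_vuln": lookup_key_vulnerable(conn, dump_all),      # every key leaks
        "dump_safe": lookup_key_safe(conn, dump_all),            # no such literal token
        "schema_vuln": lookup_key_vulnerable(conn, read_schema),  # CREATE TABLE text leaks
        "schema_safe": lookup_key_safe(conn, read_schema),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The legitimate key returns the same single row through both functions; only the vulnerable variant lets the injected headers return other users' keys or the table definition, which is exactly the unauthenticated read of the proxy's database the advisory describes.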

Potential Impact of CVE-2026-42208

  1. Unauthorized Data Access: Attackers exploiting this vulnerability can read sensitive information stored within the proxy’s database, leading to potential data breaches and exposure of confidential user information.

  2. Data Manipulation Risks: The ability to modify database records could enable attackers to change user credentials or settings, undermining the integrity of the application and possibly allowing further exploitation.

  3. Escalated Security Risks: By gaining unauthorized access to the proxy and its managed credentials, attackers could leverage this foothold to execute more advanced attacks, compromising the overall security of systems reliant on the LiteLLM proxy server for API interactions.

CISA has reported CVE-2026-42208

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA tracks the most dangerous vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog and has identified CVE-2026-42208 as exploited in the wild; it is not currently known to CISA to be used in ransomware campaigns. This status can change quickly.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

litellm >= 1.81.16, < 1.83.7

News Articles

U.S. CISA adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog - IT Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in BerriAI LiteLLM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208 (CVSS score of 9.3), to…

2 weeks ago

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

Ravie Lakshmanan, Apr 29, 2026, Vulnerability / Cloud Security

3 weeks ago


EPSS Score

43% chance of being exploited in the next 30 days.

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 👾 Exploit known to exist
  • 🦅 CISA reported
  • Vulnerability published
  • 📰 First article discovered by BleepingComputer
  • Vulnerability reserved