Arbitrary Command Execution Vulnerability in LiteLLM Proxy Server by BerriAI
CVE-2026-42271

8.7HIGH

Key Information:

Vendor: Berriai
Status: Litellm
Vendor: CVE Published:; 8 May 2026

🔔 Create Berriai Vulnerability Alert

Badges

🔥 Trending now📈 Trended📈 Score: 1,200👾 Exploit Exists🟡 Public PoC🟣 EPSS 60%🦅 CISA Reported📰 News Worthy

What is CVE-2026-42271?

false

CISA has reported CVE-2026-42271

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2026-42271 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

litellm >= 1.74.2, < 1.83.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-42271
Created by HORKimhab

News Articles

Help Net Security

CVE-2026-42271

LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271) - Help Net Security

A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers.

2 days ago

Swapupdate

CVE-2026-42271

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

Ravie LakshmananJun 09, 2026Vulnerability / Artificial Intelligence

3 days ago

It Security News

CVE-2026-42271

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE - IT Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS score: 8.7), is a command…R...

3 days ago

References

https://github.com/BerriAI/litellm/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/BerriAI/litellm/releases/tag/v1.83.7-s...

x_refsource_MISC

EPSS Score

60% chance of being exploited in the next 30 days.

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📈
Vulnerability started trending
Jun 11, 2026
🟡
Public PoC available
Jun 9, 2026
📰
First article discovered by Newsbreak
Jun 9, 2026
👾
Exploit known to exist
Jun 8, 2026
🦅
CISA Reported
Jun 8, 2026
Vulnerability published
May 8, 2026
Vulnerability Reserved
Apr 26, 2026

CVE-2026-42271 Data

JSON