LiteLLM CVE-2026-42208 Exploited Within 36 Hours, Targeting AI Gateway Databases


A critical security vulnerability affecting the LiteLLM Python package has been actively exploited within a short period after its public disclosure, highlighting the increasing speed at which threat actors are able to weaponize newly identified flaws. The issue, tracked as CVE-2026-42208 with a CVSS score of 9.3, involves an SQL injection vulnerability that could allow unauthorized access to and manipulation of the LiteLLM proxy database. Security researchers observed that exploitation attempts began within approximately 36 hours after the vulnerability details became publicly available, reflecting a growing trend in rapid threat activity targeting widely used open source tools.

According to details shared by LiteLLM maintainers, the flaw originates from improper handling of database queries during proxy API key validation. Instead of securely parameterizing user-supplied input, the system incorporated the value directly into the query string, creating a pathway for SQL injection. This allowed unauthenticated attackers to craft malicious Authorization headers and send them to endpoints such as the chat completions API (via POST requests). Through this approach, attackers could potentially read sensitive data from the proxy database and modify stored information, resulting in unauthorized access to credentials managed by the system. The vulnerability affects versions from 1.81.16 up to, but not including, 1.83.7; the fix was released in the 1.83.7 stable version on April 19 2026.
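To make the root cause concrete, the following added example (written for this page; it is not LiteLLM code and does not reproduce LiteLLM's schema, table names or key format, all of which are assumptions here) contrasts the flawed pattern the maintainers describe, splicing the bearer token from the Authorization header into SQL text, with the parameterized form that fixes it. It also includes an allow-list check on the token's character set that a gateway operator could apply at the edge or in log review to spot malformed header values before they reach the database.

```python
import re
import sqlite3
from typing import Optional

# Constructed stand-in for an AI-gateway key table (assumption: not LiteLLM's
# real schema). Two sample virtual keys are seeded so both lookups have data.
SAMPLE_KEYS = [
    ("sk-team-a-0001", "team-a"),
    ("sk-team-b-0002", "team-b"),
]


def make_db() -> sqlite3.Connection:
    """Return an in-memory SQLite database seeded with the constructed sample keys."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, team TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO virtual_keys (token, team) VALUES (?, ?)", SAMPLE_KEYS
    )
    conn.commit()
    return conn


def bearer_token(authorization: str) -> Optional[str]:
    """Extract <token> from an 'Authorization: Bearer <token>' header value."""
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def lookup_team_vulnerable(conn: sqlite3.Connection, authorization: str) -> Optional[str]:
    """Flawed pattern: the header value becomes part of the SQL text, so a
    quote character supplied by the caller changes the query's meaning."""
    token = bearer_token(authorization)
    if token is None:
        return None
    sql = f"SELECT team FROM virtual_keys WHERE token = '{token}'"  # do not do this
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_team_safe(conn: sqlite3.Connection, authorization: str) -> Optional[str]:
    """Fixed pattern: the token is passed as a bound parameter, so it is only
    ever compared as data and can never alter the query structure."""
    token = bearer_token(authorization)
    if token is None:
        return None
    row = conn.execute(
        "SELECT team FROM virtual_keys WHERE token = ?", (token,)
    ).fetchone()
    return row[0] if row else None


# Allow-list for well-formed tokens (assumption: the gateway's own keys are
# alphanumeric with '-' and '_'). Anything else is rejected before any query.
VALID_TOKEN = re.compile(r"^[A-Za-z0-9_\-]{8,256}$")


def is_well_formed_token(authorization: str) -> bool:
    """True when the bearer value matches the expected alphabet; a False here
    on a live gateway is worth logging, since quotes, comment markers or
    whitespace never appear in legitimate keys."""
    token = bearer_token(authorization)
    return token is not None and VALID_TOKEN.fullmatch(token) is not None


if __name__ == "__main__":
    conn = make_db()
    good = "Bearer sk-team-a-0001"
    # Textbook tautology payload used only to show the two lookups diverge.
    bad = "Bearer x' OR '1'='1"
    print("valid key   ->", lookup_team_vulnerable(conn, good), lookup_team_safe(conn, good))
    print("tautology   ->", lookup_team_vulnerable(conn, bad), lookup_team_safe(conn, bad))
    print("well-formed ->", is_well_formed_token(good), is_well_formed_token(bad))
```

Running the block shows the vulnerable lookup returning a team for the tautology while the parameterized lookup returns nothing; the allow-list check flags the same header independently of the database, which is the kind of pre-query validation that stays useful even after patching.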

Security analysis by Sysdig revealed that the first exploitation attempt was recorded on April 26 2026, approximately 26 hours after the advisory was indexed in the global GitHub Advisory Database. The activity was traced to specific IP addresses and followed a structured pattern across two distinct phases. During the initial phase, attackers targeted database tables such as litellm_credentials.credential_values and litellm_config, which store sensitive information including upstream large language model provider keys and runtime configuration data. Notably, there was no observed attempt to access tables associated with user or team data, indicating that the attacker focused specifically on high value secrets within the system. A second phase of activity followed shortly after, using a different IP address to conduct similar probing operations, suggesting coordinated actions by the same operator.

LiteLLM is a widely used open source AI gateway platform with significant adoption among developers, reflected by its large number of GitHub stars and forks. The potential impact of this vulnerability is considerable, as a single compromised database entry may contain multiple high value credentials, including API keys for platforms such as OpenAI, Anthropic, and AWS Bedrock. Researchers noted that successful exploitation could result in consequences similar to a broader cloud account compromise rather than a typical web application level breach. This expands the risk scope beyond localized data exposure to include unauthorized usage of cloud resources and access to sensitive AI infrastructure.

In response to the vulnerability, users are strongly advised to update their LiteLLM deployments to the latest patched version. For environments where immediate patching is not feasible, maintainers have suggested mitigation steps such as disabling error logs through configuration settings to limit exposure pathways. The incident reflects a broader pattern observed in AI infrastructure security, where critical vulnerabilities in widely trusted software are quickly targeted without the need for publicly available proof of concept exploits. Researchers highlighted that the combination of publicly disclosed advisories and accessible open source codebases provides sufficient information for attackers to initiate exploitation, underscoring the importance of rapid patch management and proactive security practices across AI and cloud environments.
