A critical-severity vulnerability in the open-source AI gateway LiteLLM was exploited within days of public disclosure to read database tables containing sensitive information, according to Sysdig. The flaw is described as an SQL injection in the proxy's API key verification process and is tracked as CVE-2026-42208, with a CVSS score of 9.3.
An April 20 advisory on GitHub explains that a database query run during key verification spliced the caller-supplied value directly into the SQL text rather than passing it as a bound parameter. An unauthenticated attacker could therefore send a specially crafted Authorization header to any LLM API route and reach the vulnerable query through the proxy's error-handling path; because the lookup runs before authentication, any HTTP client that can reach the proxy port could exploit it.
On April 24 the advisory was indexed in the GitHub Advisory Database, and the first attacks exploiting the flaw were observed 36 hours later, targeting three database tables holding API keys, provider credentials, and environment-variable configuration. LiteLLM version 1.83.7 fixes the issue by passing the caller-supplied value as a bound parameter; users are advised to update or, as an interim mitigation, to disable error logs, since the vulnerable query is reached through the error-handling path.
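To make the defect class concrete, here is an added example (not LiteLLM's code and not the advisory's proof of concept) that models the pattern described above with sqlite3: a pre-auth key lookup that splices the bearer token into the SQL text, beside the same lookup with the token bound as a parameter. The schema (`virtual_keys`, `provider_secrets`), the column names, the sample rows and the injection header are all constructed for the demonstration and are not taken from LiteLLM or the advisory. It goes slightly beyond the article by also showing a tautology payload that enumerates every key and a malformed payload that surfaces as a database error, the kind of failure an error-logging path would record.

```python
"""Added example (not LiteLLM's code): the SQL injection pattern the advisory
describes, modelled with sqlite3 on a constructed schema.

Assumptions (not taken from the advisory): the table and column names, the
exact shape of the lookup query, and the sample data below.
"""
import sqlite3

# Constructed sample data standing in for a proxy's key and credential tables.
SAMPLE_KEYS = [
    ("sk-1234-valid-key", "alice", 20.0),
    ("sk-5678-other-key", "bob", 5.0),
]
SAMPLE_SECRETS = [
    ("OPENAI_API_KEY", "sk-constructed-provider-secret"),
    ("DATABASE_URL", "postgres://litellm:constructed@db/litellm"),
]


def build_db():
    """In-memory database with an assumed schema (not LiteLLM's real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, user_id TEXT, max_budget REAL)")
    conn.execute("CREATE TABLE provider_secrets (name TEXT, value TEXT)")
    conn.executemany("INSERT INTO virtual_keys VALUES (?, ?, ?)", SAMPLE_KEYS)
    conn.executemany("INSERT INTO provider_secrets VALUES (?, ?)", SAMPLE_SECRETS)
    return conn


def bearer_token(auth_header):
    """Pull the token out of 'Authorization: Bearer <token>'; None if malformed."""
    scheme, _, token = auth_header.strip().partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def verify_key_vulnerable(conn, auth_header):
    """Pre-auth lookup that splices the caller's token into the SQL text.

    This is the defect class the advisory describes: the caller controls part
    of the query, so a quote in the header ends the string literal and the
    remainder is parsed as SQL.
    """
    token = bearer_token(auth_header)
    if token is None:
        return []
    sql = f"SELECT token, user_id FROM virtual_keys WHERE token = '{token}'"
    return conn.execute(sql).fetchall()


def verify_key_fixed(conn, auth_header):
    """Same lookup with the token bound as a parameter: the generic form of the
    fix the article describes (the value is passed separately, never parsed)."""
    token = bearer_token(auth_header)
    if token is None:
        return []
    sql = "SELECT token, user_id FROM virtual_keys WHERE token = ?"
    return conn.execute(sql, (token,)).fetchall()


# Constructed injection header: closes the string literal, UNIONs a second
# table into the result set and comments out the trailing quote.
INJECTION_HEADER = "Bearer x' UNION SELECT name, value FROM provider_secrets -- "


def leaked_secrets(conn, header=INJECTION_HEADER):
    """Rows the vulnerable lookup returns that are credentials, not keys."""
    secret_names = {name for name, _ in SAMPLE_SECRETS}
    return [row for row in verify_key_vulnerable(conn, header) if row[0] in secret_names]


def compare(header):
    """Run both lookups on a fresh database and return what each yields.

    A malformed payload makes the vulnerable path raise a database error (the
    kind of event an error-logging path would capture); the fixed path simply
    finds no matching key.
    """
    conn = build_db()
    try:
        vulnerable = verify_key_vulnerable(conn, header)
    except sqlite3.Error as exc:
        vulnerable = f"db error: {exc}"
    fixed = verify_key_fixed(conn, header)
    return {"vulnerable": vulnerable, "fixed": fixed}


if __name__ == "__main__":
    print(compare("Bearer sk-1234-valid-key"))      # both paths find alice
    print(compare(INJECTION_HEADER))                 # vulnerable: provider secrets
    print(compare("Bearer x' OR '1'='1"))            # vulnerable: every key
    print(compare("Bearer x'"))                      # vulnerable: db error
```

The point of `compare` is the asymmetry: with the parameterized query the attacker's header is only ever compared as a string, so every payload collapses to "no such key", whereas the concatenated query hands the same bytes to the SQL parser and lets one request read a table the endpoint was never meant to touch.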