securityaffairs.com 5/11/2026, 10:28:00 AM · via preferred

CISA flags LiteLLM SQLi flaw exploited hours after disclosure

Evidence summary: primary source cisa.gov; listed in the CISA KEV catalog; patch available.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a flaw in BerriAI LiteLLM, tracked as CVE-2026-42208, to its Known Exploited Vulnerabilities catalog, with a CVSS score of 9.3. At the end of April, days after the flaw was disclosed, attackers rapidly exploited the vulnerability in LiteLLM’s Python package: a SQL injection in the proxy’s API key verification process that gives an unauthenticated attacker access to potentially modify database data.

The flaw affects LiteLLM versions 1.81.16 to 1.83.6 and was fixed in 1.83.7 on 19 April 2026, with the Sysdig Threat Research Team noting that exploitation began about 36 hours after the advisory. An attacker could read data from the proxy’s database, and may be able to modify it, by sending a specially crafted Authorization header to an API route such as POST /chat/completions, taking advantage of an error-handling path in key verification.
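To make the bug class concrete for defenders, the following added example (not LiteLLM's own code, and not the actual vulnerable code path) contrasts a hypothetical key-verification lookup that splices the bearer token into SQL text with the parameterized form, and adds a version check against the affected range stated above. The table name `api_keys`, the demo token and the crafted token are all constructed for the illustration.

```python
import sqlite3
from typing import Optional, Tuple

# Constructed sample: an in-memory key table standing in for the database a
# proxy consults when verifying an API key. Hypothetical schema, not LiteLLM's.
def build_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_keys (token TEXT PRIMARY KEY, team TEXT)")
    conn.execute("INSERT INTO api_keys VALUES ('sk-demo-valid-key', 'team-a')")
    conn.commit()
    return conn

def bearer_from_authorization(header: str) -> Optional[str]:
    # Strict parse of "Bearer <token>"; anything else is rejected before it
    # reaches the database, which narrows what a crafted header can carry.
    parts = header.split(" ", 1)
    if len(parts) != 2 or parts[0] != "Bearer" or not parts[1].strip():
        return None
    return parts[1].strip()

def lookup_key_vulnerable(conn: sqlite3.Connection,
                          presented_key: str) -> Optional[Tuple[str, str]]:
    # Anti-pattern: the presented token becomes part of the SQL text, so a
    # token containing quote characters changes the query's structure.
    sql = f"SELECT token, team FROM api_keys WHERE token = '{presented_key}'"
    return conn.execute(sql).fetchone()

def lookup_key_safe(conn: sqlite3.Connection,
                    presented_key: str) -> Optional[Tuple[str, str]]:
    # Parameter binding: the driver passes the token as data only; the same
    # crafted token is now just a string that matches no row.
    sql = "SELECT token, team FROM api_keys WHERE token = ?"
    return conn.execute(sql, (presented_key,)).fetchone()

def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in v.strip().split("."))

# Affected range and fix version as stated in the advisory summary above.
AFFECTED_MIN = parse_version("1.81.16")
AFFECTED_MAX = parse_version("1.83.6")
FIXED = parse_version("1.83.7")

def is_affected(version: str) -> bool:
    # True when an installed LiteLLM version falls inside the affected range.
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

if __name__ == "__main__":
    conn = build_demo_db()
    # Constructed crafted token: a textbook tautology that a string-spliced
    # query accepts and a parameterized query does not.
    crafted = bearer_from_authorization("Bearer ' OR '1'='1")
    print("vulnerable lookup:", lookup_key_vulnerable(conn, crafted))
    print("safe lookup:", lookup_key_safe(conn, crafted))
    for v in ("1.81.15", "1.82.0", "1.83.6", "1.83.7"):
        print(v, "affected" if is_affected(v) else "not affected")
```

The version check is the quick inventory step: run it over the `litellm` versions reported by your package manager and treat anything in the range as needing the 1.83.7 upgrade.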

Researchers observed real-world attacks targeting sensitive information, while noting there were no signs of data theft or further compromise in the observed activity. Federal agencies are required to fix the vulnerability by 11 May 2026, according to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities; private organisations are advised to review the KEV Catalog and apply mitigations where possible.


Article by CyberSIXT
