LiteLLM has a critical SQL injection flaw, tracked as CVE-2026-42208 (CVSS 9.3), that was exploited in the wild within 36 hours of disclosure, according to The Hacker News. The vulnerability lets an unauthenticated attacker read, and potentially modify, the proxy database by injecting into a query used during proxy API key checks; the evidence indicates that a crafted Authorization header could reach the vulnerable query through ordinary request paths such as POST /chat/completions.
The first exploitation attempt was recorded on 26 April 2026 at 16:17 UTC, roughly 26 hours and seven minutes after the GitHub advisory was indexed in the global GitHub Advisory Database, and the activity originated from the IP address 65.111.27.[132].
Security researcher Michael Clark said the attacker operated in two phases across adjacent egress IPs, then probed key-management endpoints, targeting tables such as litellm_credentials.credential_values and litellm_config while avoiding litellm_users and litellm_team, according to Sysdig.
Affected LiteLLM versions are >=1.81.16 and <1.83.7; the patch shipped in 1.83.7-stable on 19 April 2026. Users are urged to upgrade or, as an interim mitigation if upgrading is not immediately possible, to set disable_error_logs: true.
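The two facts a responder can act on from the report are the affected version range and the Authorization header as the injection vector. The following is an added example, not code from LiteLLM or from the article: it checks a deployed version against the range above and triages proxy access logs for Authorization values that do not look like a plain API key. The log line format, the sample lines, the assumption that a legitimate LiteLLM virtual key is a single token of safe characters (e.g. sk-...), and the endpoint names in the samples are all constructed for illustration; the IP is the one named in the report.

```python
"""Triage helpers for CVE-2026-42208 (LiteLLM proxy SQL injection).

Added example, not LiteLLM's code or the article's. Only the affected
range (>=1.81.16, <1.83.7, fixed in 1.83.7-stable) and the vector (the
Authorization header on request paths such as /chat/completions) come
from the report; the log format and the heuristics are assumptions.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

AFFECTED_MIN = (1, 81, 16)   # first affected release (inclusive)
FIXED = (1, 83, 7)           # 1.83.7-stable carries the patch


def parse_version(v: str) -> Tuple[int, int, int]:
    """Turn '1.83.7', 'v1.83.6' or '1.83.7-stable' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised LiteLLM version: {v!r}")
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def is_affected(v: str) -> bool:
    """True when the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(v) < FIXED


# Constructed sample log lines (assumed format: ts ip method path auth="..." status=N).
SAMPLE_LOG = [
    '2026-04-26T16:17:03Z 65.111.27.132 POST /chat/completions auth="Bearer sk-1234" status=401',
    '2026-04-26T16:17:41Z 65.111.27.132 POST /chat/completions auth="Bearer sk-x\' OR 1=1--" status=200',
    '2026-04-26T16:19:02Z 65.111.27.133 GET /key/info auth="Bearer sk-a\' UNION SELECT credential_values FROM litellm_credentials--" status=200',
    '2026-04-26T16:20:10Z 10.0.0.5 POST /chat/completions auth="Bearer sk-legit-key" status=200',
]

LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) auth="(?P<auth>[^"]*)"'
)

# Indicators that a bearer "key" is really an injection payload (assumed heuristics).
SQLI_PATTERNS = [
    re.compile(r"'"),                                   # string-literal break-out
    re.compile(r"--|/\*|;"),                            # comment / statement terminators
    re.compile(r"\b(union|select|update|delete|pg_sleep)\b", re.IGNORECASE),
]
# Tables the report says the attacker went after; a payload naming them is the loud case.
HIGH_VALUE_TABLES = ("litellm_credentials", "litellm_config")


class Finding(NamedTuple):
    ts: str
    src_ip: str
    path: str
    auth: str
    severity: str


def classify_auth(auth: str) -> Optional[str]:
    """Return a severity for a suspicious Authorization value, or None if it looks like a key."""
    token = auth.removeprefix("Bearer ").strip()
    # Assumption: a genuine virtual key is one token of URL-safe characters, nothing else.
    if re.fullmatch(r"[A-Za-z0-9_.\-]+", token):
        return None
    if any(t in token.lower() for t in HIGH_VALUE_TABLES):
        return "high"
    if any(p.search(token) for p in SQLI_PATTERNS):
        return "medium"
    return "low"  # malformed but no clear SQL; worth a look, not an alert


def triage(lines: List[str]) -> List[Finding]:
    """Parse log lines and keep only those whose Authorization header looks injected."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the sweep
        sev = classify_auth(m["auth"])
        if sev is not None:
            findings.append(Finding(m["ts"], m["ip"], m["path"], m["auth"], sev))
    return findings


if __name__ == "__main__":
    for v in ("1.81.15", "1.81.16", "v1.83.6", "1.83.7-stable"):
        print(f"{v:15} affected={is_affected(v)}")
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.ts} {f.src_ip} {f.path} {f.auth}")
```

The version check is the inventory step: run it over every proxy you operate, including any pinned to a `-stable` tag. The header triage is deliberately narrow; it does not attempt to recognise every SQL dialect, only to surface Authorization values that cannot be a real key, which is the signal the report describes. Adjacent source addresses in the findings (here the .132 and .133 neighbours) are worth grouping, since the report notes the attacker moved across adjacent egress IPs.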