On 8 May 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE‑2026‑42208 to its Known Exploited Vulnerabilities (KEV) catalogue. The vulnerability affects BerriAI’s LiteLLM product and is named the BerriAI LiteLLM SQL Injection Vulnerability. It is a SQL injection flaw that permits an attacker to read or modify data in the proxy’s database, potentially granting unauthorised access to the proxy and the credentials it manages.
CVE‑2026‑42208 is classified as a SQL injection vulnerability with a CVSS v3.1 base score of 9.3, rating it as Critical. The flaw can be exploited remotely via the LiteLLM proxy interface, allowing an attacker to inject arbitrary SQL statements that may lead to data disclosure, alteration, or further compromise of the system. As of the KEV entry, no patch has been publicly released; the patch status is listed as unknown.
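The page does not say where in LiteLLM the injectable query sits, so the following is an added, generic illustration of the flaw class rather than LiteLLM's own code: a lookup built by string formatting beside the same lookup with a bound parameter, run against a constructed in-memory SQLite table that stands in for a proxy's key store (the table name, columns and sample rows are all made up for the demonstration). It shows why a single unvalidated string can widen a WHERE clause to return every row, and why a parameterised query returns nothing for the same input.

```python
import sqlite3

# Constructed sample rows standing in for a proxy's key table.
# Illustration of the SQL injection class only; not LiteLLM code and
# no claim about where CVE-2026-42208 actually lies.
SAMPLE_KEYS = [
    ("sk-alpha", "team-a", 100.0),
    ("sk-bravo", "team-b", 250.0),
    ("sk-charlie", "team-a", 50.0),
]


def make_db():
    """Create an in-memory database with the constructed api_keys table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_keys (token TEXT, team TEXT, budget REAL)")
    conn.executemany("INSERT INTO api_keys VALUES (?, ?, ?)", SAMPLE_KEYS)
    return conn


def lookup_vulnerable(conn, team):
    """Query assembled by string formatting: the caller's input becomes SQL syntax."""
    sql = f"SELECT token FROM api_keys WHERE team = '{team}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(conn, team):
    """Bound parameter: the driver treats the input strictly as a value, never as syntax."""
    sql = "SELECT token FROM api_keys WHERE team = ?"
    return [row[0] for row in conn.execute(sql, (team,))]


def demo():
    """Run both lookups with a benign value and a constructed hostile string."""
    conn = make_db()
    benign = "team-b"
    hostile = "x' OR '1'='1"  # constructed test input that rewrites the WHERE clause
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_hostile": lookup_vulnerable(conn, hostile),   # every token leaks
        "safe_benign": lookup_parameterised(conn, benign),
        "safe_hostile": lookup_parameterised(conn, hostile),  # no team has that literal name
    }


if __name__ == "__main__":
    for name, tokens in demo().items():
        print(f"{name}: {tokens}")
```

The defensive takeaway is the second function: every value that originates from a request must reach the database as a bound parameter (or through an ORM that binds for you), and a code review of a proxy that stores credentials should treat any f-string or `%`-formatted SQL as a finding regardless of how the input is "validated" upstream.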
Because the entry appears in the KEV catalogue, CISA confirms that the vulnerability is being actively exploited in the wild. No public reports link this flaw to ransomware campaigns at this time. Federal Civilian Executive Branch (FCEB) agencies must apply the required mitigations by 11 May 2026, the remediation due date specified by CISA.
CISA’s required action is to apply mitigations per vendor instructions, follow applicable BOD 22‑01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. While the directive binds FCEB agencies, all organisations are advised to assess their exposure to LiteLLM and implement the same measures where feasible.
For full details, consult the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-42208 and the CISA KEV catalogue.