CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The affected CVE is CVE-2026-42208, described as a BerriAI LiteLLM SQL Injection Vulnerability. This vulnerability is highlighted as a frequent attack vector used by malicious cyber actors and poses significant risks to the federal enterprise.
The update comes under the Binding Operational Directive (BOD) 22-01 framework, which established the KEV Catalog as a living list of known CVEs that carry significant risk to the federal enterprise, with agencies required to remediate identified vulnerabilities by the due date to protect networks against active threats.
Although BOD 22-01 applies to Federal Civilian Executive Branch agencies, CISA strongly urges all organisations to prioritise timely remediation of KEV Catalog vulnerabilities as part of vulnerability management, according to CISA.