According to CISA, the Known Exploited Vulnerabilities (KEV) catalog lists CVE-2026-42208 as a BerriAI LiteLLM SQL Injection Vulnerability that allows an attacker to read data from the proxy’s database and potentially modify it, leading to unauthorised access to the proxy and the credentials it manages. The entry records it as currently Unknown whether the vulnerability has been used in ransomware campaigns. The Date Added is 2026-05-08, with a Due Date of 2026-05-11.
The recommended action is to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The entry's notes link to the security advisories and to the NVD entry for CVE-2026-42208. The KEV record underlines the priority of vulnerability management, and of prioritising exposed or critical components within affected environments.