"The security defect is described as an SQL injection during the proxy API key verification process and is identified as CVE-2026-42208, with a CVSS score of 9.3."
"By exploiting the issue, the attacker could access the LiteLLM proxy's database to read and potentially modify data, allowing them to leak credentials stored in the database."
"The operator already knew LiteLLM's Prisma-generated PostgreSQL identifier casing and ran a textbook column-count discovery sweep against each target table."
"Despite the targeted nature of the attacks, no continuation was observed, and the extracted keys and credentials have not been abused."
A critical-severity SQL injection vulnerability in LiteLLM, identified as CVE-2026-42208 with a CVSS score of 9.3, was exploited shortly after public disclosure. The flaw allowed unauthenticated attackers to access sensitive database tables by sending a crafted Authorization header. The attacks targeted three specific tables containing API keys and provider credentials. Although the attacks were automated and occurred 21 minutes apart, no further exploitation of the extracted data was observed, and the credentials have not been abused.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]