{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2026-42208", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-25T05:04:37.027Z", "datePublished": "2026-05-08T03:38:14.124Z", "dateUpdated": "2026-06-29T12:34:19.762Z" }, "containers": { "cna": { "title": "LiteLLM: SQL injection in Proxy API key verification", "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE" } ] } ], "metrics": [ { "cvssV4_0": { "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "references": [ { "name": "https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc" }, { "name": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stable" } ], "affected": [ { "vendor": "BerriAI", "product": "litellm", "versions": [ { "version": ">= 1.81.16, < 1.83.7", "status": "affected" } ] } ], "providerMetadata": { "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-05-08T03:38:14.124Z" }, "descriptions": [ { "lang": "en", "value": "LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7." } ], "source": { "advisory": "GHSA-r75f-5x8p-qvmc", "discovery": "UNKNOWN" } }, "adp": [ { "references": [ { "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-42208", "tags": [ "government-resource" ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2026-05-08T00:00:00+00:00", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-42208" } } }, { "other": { "type": "kev", "content": { "dateAdded": "2026-05-08", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-42208" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-09T03:55:45.157Z" }, "timeline": [ { "time": "2026-05-08T00:00:00.000Z", "lang": "en", "value": "CVE-2026-42208 added to CISA KEV" } ] }, { "affected": [ { "cpes": [ "cpe:/a:redhat:lightspeed_core" ], "defaultStatus": "unaffected", "product": "Lightspeed Core", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:ansible_automation_platform:2" ], "defaultStatus": "unaffected", "product": "Red Hat Ansible Automation Platform 2", "vendor": "Red Hat" }, { "cpes": [ "cpe:/a:redhat:openshift_ai" ], "defaultStatus": "unaffected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat" } ], "datePublic": "2026-04-28T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model (LLM) API route, exploiting the proxy's error-handling path. Successful exploitation could enable the attacker to read and potentially modify data within the proxy's database, leading to unauthorized access to the proxy and its managed credentials." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Critical" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE" } ] } ], "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2026-42208" }, { "name": "RHBZ#2463965", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463965" }, { "tags": [ "x_sadp-csaf-vex" ], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-42208.json" } ], "timeline": [ { "lang": "en", "time": "2026-04-29T22:15:41.713Z", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2026-04-28T00:00:00.000Z", "value": "Made public." } ], "title": "LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection", "x_adpType": "supplier", "x_generator": { "engine": "sadp-cli 1.0.0" }, "providerMetadata": { "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-29T12:34:19.762Z" } } ] } }