HIGH

CISA Adds BerriAI LiteLLM SQL Injection to Known Exploited Vulnerabilities

· sqli · cve · vulnerability · llm

CISA added CVE-2026-42208, a SQL injection vulnerability in BerriAI’s LiteLLM, to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. LiteLLM is a widely used open-source proxy layer that routes calls across multiple LLM providers, making it common infrastructure in AI-heavy environments. SQL injection at this layer could expose LLM API keys, request logs, and prompt histories. Organizations running LiteLLM should update immediately and audit any instances accessible over the internet.