CRITICAL
LiteLLM CVE-2026-42208 SQL Injection Under Active Exploit Within 36 Hours
CVE-2026-42208 (CVSS 9.3) is a pre-authentication SQL injection in BerriAI’s LiteLLM Python package that reached active exploitation within 36 hours of public disclosure. LiteLLM is an open-source LLM gateway widely used to proxy requests across AI providers including OpenAI, Anthropic, and AWS Bedrock.
The flaw allows unauthenticated attackers to modify the underlying database, potentially exposing API keys and model routing configurations stored by the gateway. Organizations running LiteLLM in production should patch immediately, rotate any API keys stored in the LiteLLM database, and audit database access logs for unauthorized queries made in the past several days.
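The last remediation step, auditing database access logs for unauthorized queries, is easier with a small triage script. The following is an added example, not code from the advisory or from the LiteLLM project: it assumes the gateway's database is PostgreSQL with statement logging enabled (`log_statement = 'all'`) and scans the log for common SQL-injection indicators (tautologies, `UNION SELECT`, trailing comment markers, stacked statements, time-delay calls). The log lines, table name and column names below are constructed for the example; real LiteLLM schema names will differ.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample of PostgreSQL statement-log lines, not real LiteLLM logs.
# The "keys" table and its columns are placeholders for the example only.
SAMPLE_LOG = """\
2026-04-02 10:14:03 UTC [4121] litellm@litellm LOG:  statement: SELECT * FROM "keys" WHERE token = $1
2026-04-02 10:14:09 UTC [4122] litellm@litellm LOG:  statement: SELECT * FROM "keys" WHERE token = 'abc' OR '1'='1'
2026-04-02 10:15:41 UTC [4123] litellm@litellm LOG:  statement: SELECT * FROM "keys" WHERE token = 'x' UNION SELECT key_name, key_value FROM "keys" --'
2026-04-02 10:16:02 UTC [4124] litellm@litellm LOG:  statement: UPDATE "keys" SET spend = 0 WHERE token = $1
2026-04-02 10:17:30 UTC [4125] litellm@litellm LOG:  statement: SELECT 1 FROM "keys" WHERE token = 'x'; SELECT pg_sleep(5)--'
"""

# Heuristic indicators. Each is a (name, compiled regex) pair; a hit is a
# signal for human review, not proof of compromise. ORM-generated queries
# occasionally contain comments, so tune the list against a clean baseline.
INDICATORS = [
    ("tautology", re.compile(r"\bor\b\s*'[^']*'\s*=\s*'[^']*'", re.IGNORECASE)),
    ("union_select", re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.IGNORECASE)),
    ("trailing_comment", re.compile(r"--[^\n]*$")),
    ("stacked_statement", re.compile(
        r";\s*(?:select|insert|update|delete|drop|alter|create|copy)\b", re.IGNORECASE)),
    ("time_delay", re.compile(r"\bpg_sleep\s*\(", re.IGNORECASE)),
]

# Extracts the SQL text from a PostgreSQL "LOG:  statement: ..." line.
STATEMENT_RE = re.compile(r"LOG:\s+statement:\s+(.*)$")


@dataclass(frozen=True)
class Finding:
    line_no: int       # 1-based line number within the scanned log text
    indicator: str     # which heuristic fired
    statement: str     # the logged SQL statement


def scan_log(text: str) -> list[Finding]:
    """Return one Finding per (line, indicator) hit over the log text."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = STATEMENT_RE.search(line)
        if not match:
            continue  # not a statement log line (connection events, errors, ...)
        statement = match.group(1)
        for name, pattern in INDICATORS:
            if pattern.search(statement):
                findings.append(Finding(line_no, name, statement))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hits per indicator, useful as a first triage view."""
    return dict(Counter(f.indicator for f in findings))


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for f in hits:
        print(f"line {f.line_no}: {f.indicator}: {f.statement}")
    print(summarize(hits))
```

Parameterized statements (the `$1` placeholders on lines 1 and 4) produce no hits, which is the expected shape of a healthy ORM-backed workload; any hit on the tables that hold API keys or routing configuration should be treated as a trigger for the key rotation the advisory already recommends.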