CRITICAL
LiteLLM CVE-2026-42208 SQL Injection Exploited Within 36 Hours of Disclosure
CVE-2026-42208 (CVSS 9.3), a critical SQL injection flaw in BerriAI’s LiteLLM Python package, came under active exploitation within 36 hours of public disclosure. The vulnerability allows attackers to read data from a LiteLLM proxy’s underlying database and potentially modify it, exposing API keys, model configurations, and usage logs stored by the proxy.
LiteLLM is widely deployed as an AI proxy layer for routing requests to multiple LLM providers. Organizations running self-hosted LiteLLM instances should update immediately and rotate any API keys or secrets stored in the proxy database, since a successful exploit may already have read them. The 36-hour exploitation window underscores that AI infrastructure components need the same same-day patching discipline as production web services.