CVE-2026-42208 - BerriAI LiteLLM SQL Injection Vulnerability
Project:BerriAI
Product:LiteLLM
Date Added:2026-05-08Due Date:2026-05-11
Vulnerability Name
BerriAI LiteLLM SQL Injection Vulnerability
Description
BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc
https://nvd.nist.gov/vuln/detail/CVE-2026-42208
Related News Articles
LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCEJune 9, 2026