Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure
The vulnerability allows attackers to read data from a LiteLLM proxy’s database and potentially modify it.
A critical-severity vulnerability in the open source AI gateway LiteLLM was exploited days after public disclosure to access database tables containing sensitive information, Sysdig reports.
The security defect is described as an SQL injection during the proxy API key verification process and is identified as CVE-2026-42208, with a CVSS score of 9.3.
In an April 20 advisory, LiteLLM’s maintainers explained that a database query used during key verification did not pass the caller-supplied value as a separate parameter and instead included it in the query itself.
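The flaw class described in the advisory, shown as an added example that is not LiteLLM's code: a key lookup that builds the caller's value into the SQL text next to one that binds it as a parameter. The table, column and function names and the sample keys are hypothetical and constructed, and an in-memory SQLite database stands in for the proxy's database.

```python
import sqlite3

# Constructed sample rows; table and column names are hypothetical.
SAMPLE_KEYS = [("sk-constructed-0001", "team-a"), ("sk-quote'd-0002", "team-b")]

def make_db():
    """Build an in-memory key table standing in for a proxy's key store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE api_keys (token TEXT PRIMARY KEY, owner TEXT)")
    db.executemany("INSERT INTO api_keys VALUES (?, ?)", SAMPLE_KEYS)
    return db

def verify_key_concat(db, presented):
    """Flawed pattern: the caller-supplied value becomes part of the SQL text."""
    query = "SELECT owner FROM api_keys WHERE token = '" + presented + "'"
    row = db.execute(query).fetchone()
    return row[0] if row else None

def verify_key_param(db, presented):
    """Corrected pattern: the value is bound as a separate parameter."""
    row = db.execute(
        "SELECT owner FROM api_keys WHERE token = ?", (presented,)
    ).fetchone()
    return row[0] if row else None

def classify(verify, db, presented):
    """Report how a lookup treated a value: owner found, no match, or parsed as SQL."""
    try:
        owner = verify(db, presented)
    except sqlite3.OperationalError:
        # The value changed the statement's syntax, so it reached the SQL parser.
        return "parsed-as-sql"
    return f"owner:{owner}" if owner else "no-match"

if __name__ == "__main__":
    db = make_db()
    for value in ("sk-constructed-0001", "sk-quote'd-0002", "sk-unknown"):
        print(repr(value),
              classify(verify_key_concat, db, value),
              classify(verify_key_param, db, value))
```

A key containing a single quote is enough to tell the two apart: the concatenated lookup fails inside the SQL parser, while the parameterized lookup compares the value as plain data and finds the row.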
Source: https://www.securityweek.com/fresh-litellm-vulnerability-exploited-shortly-after-disclosure/
Related breach coverage
- CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure (2026-04-29)
Attackers quickly exploited a critical LiteLLM flaw (CVE-2026-42208) to access and modify sensitive database data via SQL injection. Attackers rapidly exploited a critical vulnerability in the LiteLLM Python package, tracked as CVE-2026-42208, just days after it became public. The vulnerability, an SQL injection in the proxy API key verification process, lets attackers access and potentially modify database […]
- Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months (2026-04-30)
The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers.
- Robinhood Vulnerability Exploited for Phishing Attacks (2026-04-28)
Legitimate-looking emails coming from Robinhood systems lured recipients to phishing websites.
- Firefox Vulnerability Allows Tor User Fingerprinting (2026-04-27)
The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10.
