Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

Related breach coverage

• CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure
  2026-04-29

  Attackers quickly exploited a critical LiteLLM flaw (CVE-2026-42208) to access and modify sensitive database data via SQL injection. Attackers rapidly exploited a critical vulnerability in LiteLLM Python package, tracked as CVE-2026-42208, just days after it became public. The vulnerability, an SQL injection in the proxy API key verification process, lets attackers access and potentially modify database […]

• CVE-2026-3854 GitHub flaw enables remote code execution
  2026-04-28

  Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability affects GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise […]

• Critical bug in CrowdStrike LogScale let attackers access files
  2026-04-26

  CrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unauthenticated path traversal, which could allow a remote attacker to read arbitrary files from the server filesystem. “CrowdStrike has released security updates […]

• Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
  2026-04-29

  Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. [...]