External risk intelligence
LiteLLM proxy could allow external attackers to steal managed credentials and modify data.
BerriAI LiteLLM proxy servers could allow external attackers to inject commands into the underlying database, potentially exposing the API credentials and proxy configurations stored there. This vulnerability is being actively exploited, so immediate remediation is critical for any internet-facing instance.
CVE-2026-42208
Exposure facts
H – Horizon Alert
A security vulnerability has been identified in LiteLLM, an AI gateway used to manage API connections, in the way the system processes database queries. The flaw could allow an unauthenticated user to read or modify information stored in the system's database, which creates a risk of unauthorized access to the proxy and to the sensitive credentials it manages.
A – Asset Exposure
LiteLLM functions as a proxy server and AI gateway, managing API connectivity and the associated keys required to access AI services. As these gateways are often positioned to handle external traffic, they may be accessible to unauthorized parties. Exploitation of this issue could grant access to the underlying database, potentially compromising sensitive credentials and allowing for the unauthorized modification of information managed by the proxy.
L – Live Threat
This vulnerability is currently listed in the CISA Known Exploited Vulnerabilities catalog, confirming that it is being actively exploited in the wild. An attacker could use this flaw to gain unauthorized access to our database and the credentials it manages. Given these confirmed signals of active exploitation, the security risk associated with this finding is considered highly elevated.
O – Operational Fix
Because this vulnerability is being actively exploited, please prioritize applying the official vendor-provided updates to all affected proxy systems immediately. Your IT team should review the vendor's security advisory and apply the patches that resolve this unauthorized access risk. If the updates cannot be deployed immediately, evaluate whether use of this service can be restricted or temporarily discontinued until they are.