CVE-2026-42208: BerriAI LiteLLM SQL Injection Vulnerability

Source: CISA Known Exploited Vulnerabilities catalog · back to feed

Vendor / product

BerriAI · LiteLLM

Date added (KEV): May 08, 2026
CISA due date: May 11, 2026
Ransomware campaign use: Unknown

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vendor fix: Vendor patch

Scorifya interpretation

AI-generated

A short, structured read of the record above — generated when this page first loads, then cached for a week.

Plain English

Technical detail

From CISA

BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages.

https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc ; https://nvd.nist.gov/vuln/detail/CVE-2026-42208

References

https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmcMitigationPatchVendor Advisory
https://github.com/BerriAI/litellm/releases/tag/v1.83.7-stableProductRelease Notes
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-42208US Government Resource

Check your domain's public posture

Scorifya doesn't test for specific CVEs, but if patching BerriAI changed your headers or TLS, a fresh hardening scan helps confirm nothing regressed externally.

Run a free scan Methodology