{"data":{"id":"0fd02a0d-7bf5-45bd-be7c-ff62381e18a4","title":"CVE-2026-42203: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before vers","summary":"LiteLLM is a proxy server (a middleman that forwards requests to AI language model APIs) that had a security flaw in versions 1.80.5 through 1.83.6 in its POST /prompts/test endpoint. This endpoint took user-supplied prompt templates and ran them without sandboxing (isolating them in a restricted environment), allowing attackers with valid API keys to execute arbitrary code (running any commands they want) on the server, potentially stealing secrets like API keys or database passwords.","solution":"Upgrade to version 1.83.7 or later. According to the source: 'This issue has been patched in version 1.83.7.'","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42203","publishedAt":"2026-05-08T04:16:19.450Z","cveId":"CVE-2026-42203","cweIds":["CWE-1336"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LiteLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-08T04:16:19.450Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0010"]}}