{"data":{"id":"4aa4b69f-c572-4a35-9559-c435845176b7","title":"CVE-2026-42208: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before ver","summary":"LiteLLM, a proxy server (an intermediary program that forwards requests to different AI APIs), has a SQL injection vulnerability (a flaw where attackers insert malicious code into database queries by manipulating user inputs) in versions 1.81.16 through 1.83.6. An unauthenticated attacker could send a crafted Authorization header to read or modify data stored in the proxy's database, potentially gaining unauthorized access to stored API credentials.","solution":"Update to version 1.83.7 or later, where this issue has been patched.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42208","publishedAt":"2026-05-08T04:16:19.923Z","cveId":"CVE-2026-42208","cweIds":["CWE-89"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LiteLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-08T04:16:19.923Z","capecIds":["CAPEC-66"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}