{"data":{"id":"73d45422-1393-4ae4-8177-49bde0732f13","title":"CVE-2026-42271: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before vers","summary":"LiteLLM is a proxy server (an intermediary that forwards requests between clients and AI language model APIs). Versions 1.74.2 through 1.83.6 had a critical vulnerability: two test endpoints accepted user-submitted server configurations that could execute arbitrary commands (running any code an attacker wants) on the server itself. Exploitation required only a valid API key, even a low-privilege one.","solution":"This issue has been patched in version 1.83.7. Users should upgrade to version 1.83.7 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-42271","publishedAt":"2026-05-08T04:16:21.820Z","cveId":"CVE-2026-42271","cweIds":["CWE-77","CWE-78"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LiteLLM","OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-08T04:16:21.820Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}