CVE-2026-42208: LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before ver
Summary
LiteLLM is a proxy server (an AI gateway that forwards requests to different LLM APIs). Versions 1.81.16 through 1.83.6 contain a SQL injection vulnerability: attacker-controlled input reaches a database query without being properly parameterized. An unauthenticated attacker can send a crafted Authorization header to read or modify data stored in the proxy's database, potentially exposing the API credentials the proxy holds.
Solution / Mitigation
Update to version 1.83.7 or later, where this issue has been patched.
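The pattern the advisory describes, as an added illustration that is not LiteLLM's own code: a proxy resolves the bearer token from the Authorization header to a row in its key table, and the lookup is what decides whether the header is an injection point. The table, column names, sample rows and the `' OR '1'='1` payload below are all constructed for the example; the actual LiteLLM query and schema are not shown on this page. The vulnerable lookup interpolates the token into the SQL string, so a fake header returns every stored credential; the fixed lookup binds it as a parameter and additionally rejects tokens outside an allowlisted character set.

```python
import re
import sqlite3

# Constructed sample data: virtual-key token, owning team, and the upstream
# credential the proxy would attach to forwarded requests. Hypothetical schema.
SAMPLE_KEYS = [
    ("sk-team-a-hash", "team-a", "upstream-secret-A"),
    ("sk-team-b-hash", "team-b", "upstream-secret-B"),
]

# Hypothetical allowlist for the token format; tighten to match a real key scheme.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{8,128}$")


def make_db():
    """In-memory SQLite table standing in for the proxy's key store."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, team TEXT, upstream_key TEXT)"
    )
    conn.executemany("INSERT INTO virtual_keys VALUES (?, ?, ?)", SAMPLE_KEYS)
    conn.commit()
    return conn


def parse_bearer(header):
    """Return the token from 'Bearer <token>' or None if the header is malformed."""
    if not header or not header.lower().startswith("bearer "):
        return None
    return header[len("Bearer "):].strip()


def lookup_vulnerable(conn, auth_header):
    """Vulnerable pattern: the token is spliced into the SQL text."""
    token = parse_bearer(auth_header)
    if token is None:
        return []
    sql = f"SELECT team, upstream_key FROM virtual_keys WHERE token = '{token}'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, auth_header):
    """Fixed pattern: bound parameter, plus an allowlist on the token shape."""
    token = parse_bearer(auth_header)
    if token is None or not TOKEN_RE.match(token):
        return []
    return conn.execute(
        "SELECT team, upstream_key FROM virtual_keys WHERE token = ?", (token,)
    ).fetchall()


def demo():
    """Run both lookups against a forged header and a legitimate one."""
    conn = make_db()
    forged = "Bearer ' OR '1'='1"          # constructed attacker header
    legit = "Bearer sk-team-a-hash"        # constructed legitimate header
    return {
        "vuln_forged": lookup_vulnerable(conn, forged),   # every row leaks
        "fixed_forged": lookup_fixed(conn, forged),       # nothing returned
        "fixed_legit": lookup_fixed(conn, legit),         # one matching row
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Parameter binding is the actual fix; the character allowlist is defense in depth that also gives a cheap detection signal, since a token containing quotes or SQL keywords is never a valid key and can be logged and rate-limited before it reaches the database.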
Vulnerability Details
EPSS: 0.0%
May 8, 2026
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-42208
First tracked: May 8, 2026 at 02:12 AM
Classified by LLM (prompt v3) · confidence: 92%