{"id":236114,"date":"2026-04-29T06:14:06","date_gmt":"2026-04-29T11:14:06","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/04\/litellm-cve-2026-42208-sql-injection-exploited-within-36-hours-of-disclosure"},"modified":"2026-04-29T06:14:06","modified_gmt":"2026-04-29T11:14:06","slug":"litellm-cve-2026-42208-sql-injection-exploited-within-36-hours-of-disclosure","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/04\/litellm-cve-2026-42208-sql-injection-exploited-within-36-hours-of-disclosure","title":{"rendered":"LiteLLM CVE-2026\u201342208 SQL Injection Exploited within 36 Hours of Disclosure"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/litellm-cve-2026-42208-sql-injection-exploited-within-36-hours-of-disclosure.jpg\"><\/a><\/p>\n<p>In <a href=\"https:\/\/thehackernews.com\/2026\/04\/lmdeploy-cve-2026-33626-flaw-exploited.html\">yet another instance<\/a> of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI\u2019s <a href=\"https:\/\/github.com\/BerriAI\/litellm\">LiteLLM<\/a> Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge.<\/p>\n<p>The vulnerability, tracked as CVE-2026\u201342208 (CVSS score: 9.3), is an SQL injection that could be exploited to modify the underlying LiteLLM proxy database.<\/p>\n<p>\u201cA database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter,\u201d LiteLLM maintainers <a href=\"https:\/\/github.com\/BerriAI\/litellm\/security\/advisories\/GHSA-r75f-5x8p-qvmc\">said<\/a> in an alert last week.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI\u2019s LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The vulnerability, tracked as CVE-2026\u201342208 (CVSS score: 9.3), is an SQL injection that could [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1492],"tags":[],"class_list":["post-236114","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/236114","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=236114"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/236114\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=236114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=236114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=236114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}