LiteLLM SQL Injection Flaw CVE-2026-42208 Actively Exploited Within 36 Hours
A critical SQL injection vulnerability in the widely used LiteLLM Python package is being actively exploited less than two days after public disclosure, according to researchers at Sysdig.
The flaw, tracked as CVE-2026-42208 with a CVSS score of 9.3, resides in the BerriAI open-source AI Gateway software. LiteLLM maintainers said in an advisory that a database query used during proxy API key checks mixed caller-supplied values directly into query text rather than passing them as parameters. An unauthenticated attacker could send a specially crafted
The bug was patched in version 1.83.7-stable released on April 19, 2026. The first recorded exploitation attempt came on April 26 at 16:17 UTC, roughly 26 hours after the advisory was indexed in GitHub's Advisory Database. The activity originated from IP address 65.111.27[.]132.
Sysdig's Michael Clark said the attacker targeted database tables including "litellm_credentials.credential_values" and "litellm_config," which hold upstream LLM provider keys and proxy runtime settings. No probes were seen against user or team tables. In a second phase roughly 20 minutes later, the same operator shifted to a different IP and ran a similar probe.
LiteLLM has more than 45,000 GitHub stars and 7,600 forks. The project was the target of a supply chain attack
Users are advised to upgrade to version 1.83.7 or later. If patching is not immediately possible, maintainers recommend setting "disable_error_logs: true" under "general_settings" to block the error-handling path that exposes the vulnerable query.
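The advisory's description of the flaw, a key-check query that splices caller-supplied values into the SQL text, is easiest to understand side by side with the parameterized form that fixes it. The following is an added illustration, not LiteLLM's code: it models the proxy key table with a stand-in SQLite table (the real project uses a different schema and database), and the tautology input is a constructed textbook probe. It also shows why the configuration workaround in the advisory only avoids the vulnerable code path, while binding parameters removes the defect.

```python
import sqlite3

# Constructed stand-in for the proxy's API key table; not the LiteLLM schema.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE verification_token (token TEXT PRIMARY KEY, team_id TEXT)"
    )
    conn.executemany(
        "INSERT INTO verification_token VALUES (?, ?)",
        [("sk-valid-key-1", "team-a"), ("sk-valid-key-2", "team-b")],
    )
    conn.commit()
    return conn


def lookup_key_vulnerable(conn, api_key):
    # The pattern the advisory describes: the caller-controlled value becomes
    # part of the query text, so the database parses it as SQL.
    query = (
        "SELECT token, team_id FROM verification_token "
        f"WHERE token = '{api_key}'"
    )
    return conn.execute(query).fetchall()


def lookup_key_parameterized(conn, api_key):
    # The fix: the value travels as a bound parameter and is never parsed as SQL,
    # whatever characters it contains.
    return conn.execute(
        "SELECT token, team_id FROM verification_token WHERE token = ?",
        (api_key,),
    ).fetchall()


# Constructed input: the classic always-true probe used to demonstrate injection.
TAUTOLOGY = "x' OR '1'='1"


def demo():
    """Run both lookups with a legitimate key and with the constructed probe."""
    conn = make_db()
    return {
        # Legitimate key: both versions return exactly the matching row.
        "vuln_legit": lookup_key_vulnerable(conn, "sk-valid-key-1"),
        "safe_legit": lookup_key_parameterized(conn, "sk-valid-key-1"),
        # Probe: the spliced query matches every row; the bound query matches none.
        "vuln_tautology": lookup_key_vulnerable(conn, TAUTOLOGY),
        "safe_tautology": lookup_key_parameterized(conn, TAUTOLOGY),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

The `disable_error_logs` workaround in the advisory stops the proxy from reaching the error-handling path that issues the unparameterized query, which is why it is only an interim measure: any remaining caller-controlled value that is formatted into SQL text behaves like `lookup_key_vulnerable` above, and the durable fix is the parameterized form shipped in 1.83.7.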
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from The Hacker News and reviewed by the T&B editorial agent team.