CVE-2026-42208

🗓️ 08 May 2026 03:38:14Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 366 Views🌐 WEB

Unauthenticated SQL injection in LiteLLM key verification enables data access; fixed in 1.83.7.

Reporter	Title	Published	Views	Family All 31
GithubExploit	Exploit for SQL Injection in Litellm	10 May 202602:07	–	githubexploit
GithubExploit	Exploit for CVE-2026-42208	28 Apr 202616:57	–	githubexploit
GithubExploit	Exploit for SQL Injection in Litellm	30 May 202604:51	–	githubexploit
GithubExploit	Exploit for SQL Injection in Litellm	18 Jun 202623:40	–	githubexploit
GithubExploit	Exploit for SQL Injection in Litellm	22 May 202623:22	–	githubexploit
GithubExploit	Exploit for SQL Injection in Litellm	10 May 202612:11	–	githubexploit
ATTACKERKB	CVE-2026-42208	8 May 202603:38	–	attackerkb
Chainguard	CVE-2026-42208 vulnerabilities	6 May 202619:17	–	cgr
Circl	CVE-2026-42208	28 Apr 202605:12	–	circl
CISA KEV Catalog	BerriAI LiteLLM SQL Injection Vulnerability	8 May 202600:00	–	cisa_kev

NVD

Vulners

Node

litellm litellmRange1.81.16–1.83.7

[
  {
    "vendor": "BerriAI",
    "product": "litellm",
    "versions": [
      {
        "version": ">= 1.81.16, < 1.83.7",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc
github	www.github.com/BerriAI/litellm/releases/tag/v1.83.7-stable
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
Authorization	header	v1/chat/completions	Pre-auth SQL injection via raw token being used in a SQL query during API key verification path	CWE-89
Authorization	header	models	SQL injection in token handling path exposed on endpoint used to fetch models (example in document)	CWE-89

17 Jun 2026 10:47Current

6Medium risk

Vulners AI Score6

CVSS 3.19.8

CVSS 49.3

EPSS0.93107

SSVC