Lucene search
K

24 matches found

VulnCheck KEV
VulnCheck KEV
β€’added 2026/06/08 12:0 a.m.β€’44 views

VulnCheck KEV: CVE-2026-42271

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it β€” POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list β€” accepted a full server configuration i...

8.8CVSS5.6AI score0.80188EPSS
In wildExploits2References2
RedhatCVE
RedhatCVE
β€’added 2026/06/05 7:16 p.m.β€’14 views

CVE-2026-42271

A flaw was found in LiteLLM, a proxy server AI Gateway for Large Language Model LLM APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user...

8.8CVSS5.8AI score0.80188EPSS
Exploits2References6
NVD
NVD
β€’added 2026/05/08 4:16 a.m.β€’26 views

CVE-2026-42271

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it β€” POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list β€” accepted a full server configuration i...

8.8CVSS0.80188EPSS
Exploits2References9
Cvelist
Cvelist
β€’added 2026/05/08 3:35 a.m.β€’64 views

CVE-2026-42271 LiteLLM: Authenticated command execution via MCP stdio test endpoints

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it β€” POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list β€” accepted a full server configuration i...

8.7CVSS0.80188EPSS
Exploits2References2
Vulnrichment
Vulnrichment
β€’added 2026/05/08 3:35 a.m.β€’11 views

CVE-2026-42271 LiteLLM: Authenticated command execution via MCP stdio test endpoints

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it β€” POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list β€” accepted a full server configuration i...

8.7CVSS5.9AI score0.80188EPSS
Exploits2References2
EUVD
EUVD
β€’added 2026/05/08 3:35 a.m.β€’11 views

EUVD-2026-28507

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it β€” POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list β€” accepted a full server configuration i...

8.8CVSS6AI score0.80188EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
β€’added 2026/05/08 3:35 a.m.β€’7 views

CVE-2026-42271

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it β€” POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list β€” accepted a full server configuration i...

8.7CVSS6AI score0.80188EPSS
Exploits2References3Affected Software1
OSV
OSV
β€’added 2026/05/08 3:35 a.m.β€’2 views

CVE-2026-42271 LiteLLM: Authenticated command execution via MCP stdio test endpoints

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it β€” POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list β€” accepted a full server configuration i...

8.7CVSS6.2AI score0.80188EPSS
Exploits2References11
CVE
CVE
β€’added 2026/05/08 3:35 a.m.β€’228 views

CVE-2026-42271

Summary: CVE-2026-42271 affects LiteLLM up to v1.83.7, where two MCP preview endpoints (POST /mcp-rest/test/connection and /tools/list) could spawn arbitrary commands via stdio transport when provided a full server config, restricted only by a valid API key. The subprocess ran with the proxy’s pr...

8.8CVSS6AI score0.80188EPSS
In wildExploits2References9Affected Software1
Github Security Blog
Github Security Blog
β€’added 2026/04/25 11:27 p.m.β€’70 views

LiteLLM: Authenticated command execution via MCP stdio test endpoints

Impact Two endpoints used to preview an MCP server before saving it β€” POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list β€” accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio...

8.8CVSS5.7AI score0.80188EPSS
Exploits2References5Affected Software1
OSV
OSV
β€’added 2026/04/25 11:27 p.m.β€’69 views

GHSA-V4P8-MG3P-G94G LiteLLM: Authenticated command execution via MCP stdio test endpoints

Impact Two endpoints used to preview an MCP server before saving it β€” POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list β€” accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio...

8.8CVSS6AI score0.80188EPSS
Exploits2References5
Positive Technologies
Positive Technologies
β€’added 2026/04/25 12:0 a.m.β€’13 views

PT-2026-37185

Name of the Vulnerable Software and Affected Versions LiteLLM versions 1.74.2 through 1.83.6 Description LiteLLM is a proxy server AI Gateway used to call LLM APIs in OpenAI or native format. The endpoints 'POST /mcp-rest/test/connection' and 'POST /mcp-rest/test/tools/list', used to preview an M...

8.8CVSS6.2AI score0.80188EPSS
Exploits2References99
CVE
CVE
β€’added 2026/04/21 4:4 p.m.β€’12 views

CVE-2026-40566

FreeScout (versions before 1.8.213) contains an SSRF in the IMAP/SMTP connection test flow via MailboxesController. The three AJAX actions fetch_test, send_test, and imap_folders pass admin-configured in_server/in_port and out_server/out_port directly to fsockopen and to IMAP/SMTP clients without...

4.1CVSS5.8AI score0.00291EPSS
Exploits0References3
RedhatCVE
RedhatCVE
β€’added 2026/04/06 10:57 a.m.β€’8 views

CVE-2026-32662

Development and test API endpoints are present that mirror production functionality...

6.9CVSS5.9AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
β€’added 2026/04/03 9:31 p.m.β€’11 views

EUVD-2026-18847

Development and test API endpoints are present that mirror production functionality...

6.9CVSS5.9AI score0.00316EPSS
Exploits0References4
NVD
NVD
β€’added 2026/04/03 9:17 p.m.β€’8 views

CVE-2026-32662

Development and test API endpoints are present that mirror production functionality...

6.9CVSS0.00316EPSS
Exploits0References3
Cvelist
Cvelist
β€’added 2026/04/03 8:11 p.m.β€’27 views

CVE-2026-32662 Gardyn Cloud API Active Debug Code

Development and test API endpoints are present that mirror production functionality...

6.9CVSS0.00316EPSS
Exploits0References3
CVE
CVE
β€’added 2026/04/03 8:11 p.m.β€’20 views

CVE-2026-32662

Technical details about CVE-2026-32662 are not provided in the supplied documents. Monitor for updates from vendors and security advisories.

6.9CVSS5.9AI score0.00316EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
β€’added 2026/04/03 8:11 p.m.β€’7 views

CVE-2026-32662

Development and test API endpoints are present that mirror production functionality...

6.9CVSS5.9AI score0.00316EPSS
Exploits0References4
Vulnrichment
Vulnrichment
β€’added 2026/04/03 8:11 p.m.β€’10 views

CVE-2026-32662 Gardyn Cloud API Active Debug Code

Development and test API endpoints are present that mirror production functionality...

6.9CVSS5.9AI score0.00316EPSS
Exploits0References3
Rows per page
Query Builder