CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

VulnCheck KEV•added 2026/06/08 12:0 a.m.•26 views

VulnCheck KEV: CVE-2026-42271

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration i...

8.8CVSS5.6AI score0.74993EPSS

In wildExploits1References2

RedhatCVE•added 2026/06/05 7:16 p.m.•7 views

CVE-2026-42271

A flaw was found in LiteLLM, a proxy server AI Gateway for Large Language Model LLM APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user...

8.8CVSS5.8AI score0.74993EPSS

Exploits1References6

NVD•added 2026/05/08 4:16 a.m.•15 views

CVE-2026-42271

8.8CVSS0.74993EPSS

Exploits1References3

Vulnrichment•added 2026/05/08 3:35 a.m.•8 views

CVE-2026-42271 LiteLLM: Authenticated command execution via MCP stdio test endpoints

8.7CVSS5.9AI score0.74993EPSS

Exploits1References2

ATTACKERKB•added 2026/05/08 3:35 a.m.•4 views

CVE-2026-42271

8.7CVSS6AI score0.74993EPSS

Exploits1References3Affected Software1

EUVD•added 2026/05/08 3:35 a.m.•8 views

EUVD-2026-28507

8.8CVSS6AI score0.74993EPSS

Exploits1References2

Cvelist•added 2026/05/08 3:35 a.m.•39 views

CVE-2026-42271 LiteLLM: Authenticated command execution via MCP stdio test endpoints

8.7CVSS0.74993EPSS

Exploits1References2

CVE•added 2026/05/08 3:35 a.m.•174 views

CVE-2026-42271

Summary: CVE-2026-42271 affects LiteLLM up to v1.83.7, where two MCP preview endpoints (POST /mcp-rest/test/connection and /tools/list) could spawn arbitrary commands via stdio transport when provided a full server config, restricted only by a valid API key. The subprocess ran with the proxy’s pr...

8.8CVSS6AI score0.74993EPSS

In wildExploits1References3Affected Software1

OSV•added 2026/04/25 11:27 p.m.•50 views

GHSA-V4P8-MG3P-G94G LiteLLM: Authenticated command execution via MCP stdio test endpoints

Impact Two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio...

8.8CVSS6AI score0.74993EPSS

Exploits1References5

Github Security Blog•added 2026/04/25 11:27 p.m.•53 views

LiteLLM: Authenticated command execution via MCP stdio test endpoints

8.8CVSS5.7AI score0.74993EPSS

Exploits1References5Affected Software1

Positive Technologies•added 2026/04/25 12:0 a.m.•7 views

PT-2026-37185

Name of the Vulnerable Software and Affected Versions LiteLLM versions 1.74.2 through 1.83.6 Description LiteLLM is a proxy server AI Gateway used to call LLM APIs in OpenAI or native format. The endpoints 'POST /mcp-rest/test/connection' and 'POST /mcp-rest/test/tools/list', used to preview an M...

8.8CVSS6.2AI score0.74993EPSS

Exploits1References82

CVE•added 2026/04/21 4:4 p.m.•9 views

CVE-2026-40566

FreeScout (versions before 1.8.213) contains an SSRF in the IMAP/SMTP connection test flow via MailboxesController. The three AJAX actions fetch_test, send_test, and imap_folders pass admin-configured in_server/in_port and out_server/out_port directly to fsockopen and to IMAP/SMTP clients without...

4.1CVSS5.8AI score0.00291EPSS

Exploits0References3

RedhatCVE•added 2026/04/06 10:57 a.m.•6 views

CVE-2026-32662

Development and test API endpoints are present that mirror production functionality...

6.9CVSS5.9AI score0.00316EPSS

Exploits0References1

EUVD•added 2026/04/03 9:31 p.m.•9 views

EUVD-2026-18847

Development and test API endpoints are present that mirror production functionality...

6.9CVSS5.9AI score0.00316EPSS

Exploits0References4