CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA has added CVE-2026-42208, a SQL injection vulnerability in BerriAI LiteLLM, to its Known Exploited Vulnerabilities (KEV) Catalog. The addition is based on evidence of active exploitation; CISA states that vulnerabilities of this kind are a frequent attack vector and pose significant risks. Federal agencies are required to remediate KEV vulnerabilities, and CISA urges all organizations to prioritize these fixes.
IFF Assessment
The article announces a newly identified exploited vulnerability, which presents an immediate threat and risk to organizations.
Severity
CISA KEV: Listed as actively exploited. Federal patch due: May 11, 2026. Known ransomware use: Unknown.
Defender Context
Organizations should track vulnerabilities newly added to the KEV Catalog and prioritize patching them. Understanding the nature of the vulnerability, such as SQL injection in this case, helps defenders implement relevant security controls and monitoring.