CVE-2026-42208: BerriAI LiteLLM SQL Injection Vulnerability

Summary

BerriAI LiteLLM has a SQL injection vulnerability enabling attackers to access and modify the proxy's database and managed credentials. This grants unauthorized access to the proxy itself. Mitigation is required, with a federal due date of May 11, 2026.

IFF Assessment

FOE

The SQL injection vulnerability allows unauthorized access and modification of sensitive data, posing a significant risk to defenders.

Severity

8.8 High (AI Estimated)

The vulnerability allows attackers to read and modify data, leading to unauthorized access, which is a high impact. The attack vector is likely network-based, and exploitability is presumed high because SQL injection is a common, well-understood class of flaw.

CISA KEV: Listed as actively exploited. Federal patch due: May 11, 2026. Known ransomware use: Unknown.

Defender Context

This CVE describes a critical SQL injection vulnerability in BerriAI LiteLLM that could be exploited to gain unauthorized access to sensitive data and to the credentials managed by the proxy. Defenders should prioritize applying vendor-provided mitigations or, if patches are unavailable, discontinuing use of the product to prevent potential breaches and data compromise.
