LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE
Summary
CISA has added a critical command injection vulnerability in BerriAI LiteLLM, tracked as CVE-2026-42271, to its Known Exploited Vulnerabilities catalog. The flaw has a CVSS score of 8.7 and is being actively exploited in the wild, allowing authenticated users to execute arbitrary commands.
IFF Assessment
The active exploitation of a critical command injection vulnerability is a direct threat to affected systems and the data they hold; this is bad news for defenders.
Severity
The CVSS score of 8.7 indicates a High severity vulnerability due to its attack vector (likely network-exploitable), privileges required (authenticated user), user interaction (none required), and the significant impact on confidentiality, integrity, and availability through arbitrary command execution.
CISA KEV: Listed as actively exploited. Federal patch due: June 22, 2026. Known ransomware use: Unknown.
Defender Context
Active exploitation makes it urgent for organizations running LiteLLM to patch, or to apply mitigations until they can, for CVE-2026-42271. Defenders should prioritize monitoring for indicators of compromise associated with this vulnerability and review affected hosts for signs of unauthorized command execution.
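As an added illustration of the monitoring suggested above (example code written for this page, not from LiteLLM or the advisory), the script below walks constructed process-creation events and flags shells or download tools whose parent chain leads back to the LiteLLM proxy process. The event field names and sample events are assumptions, and the set of flagged binaries must be tuned to what your deployment legitimately spawns.

```python
"""Flag shells/downloaders whose parent chain leads back to a LiteLLM proxy process."""
import json
import os

# Constructed process-creation events (not real telemetry). Field names are an
# assumption for this example; map your EDR or auditd export onto them.
SAMPLE_EVENTS = """\
{"ts":"2026-06-01T10:00:01Z","pid":4120,"ppid":1,"exe":"/usr/bin/python3","argv":"python3 -m litellm --config /etc/litellm/config.yaml"}
{"ts":"2026-06-01T10:00:05Z","pid":4188,"ppid":4120,"exe":"/usr/bin/python3","argv":"python3 -c import litellm"}
{"ts":"2026-06-01T10:02:17Z","pid":4301,"ppid":4120,"exe":"/bin/sh","argv":"sh -c id; curl -s http://198.51.100.7/"}
{"ts":"2026-06-01T10:02:18Z","pid":4305,"ppid":4301,"exe":"/usr/bin/curl","argv":"curl -s http://198.51.100.7/"}
{"ts":"2026-06-01T10:03:00Z","pid":4400,"ppid":1,"exe":"/bin/sh","argv":"sh /usr/local/bin/rotate-logs.sh"}
"""

# Binaries a model-serving proxy has no business spawning; tune to your baseline.
SUSPECT_BINARIES = {"sh", "bash", "dash", "zsh", "curl", "wget", "nc", "ncat"}
MAX_DEPTH = 16  # guard against ppid cycles in malformed telemetry


def load_events(text):
    """Parse one JSON event per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_litellm_process(ev):
    # Heuristic: any process whose command line names litellm counts as the proxy.
    return "litellm" in ev["argv"].lower()


def flag_litellm_children(events):
    """Return one finding per suspect binary with a LiteLLM process among its ancestors."""
    by_pid = {ev["pid"]: ev for ev in events}
    findings = []
    for ev in events:
        if os.path.basename(ev["exe"]) not in SUSPECT_BINARIES:
            continue
        parent, depth = ev["ppid"], 0
        while parent in by_pid and depth < MAX_DEPTH:
            if is_litellm_process(by_pid[parent]):
                findings.append({"ts": ev["ts"], "pid": ev["pid"], "argv": ev["argv"],
                                 "litellm_pid": parent, "depth": depth})
                break
            parent, depth = by_pid[parent]["ppid"], depth + 1
    return findings


if __name__ == "__main__":
    for f in flag_litellm_children(load_events(SAMPLE_EVENTS)):
        print(f"{f['ts']} pid={f['pid']} spawned under litellm pid={f['litellm_pid']} "
              f"(depth {f['depth']}): {f['argv']}")
```

On the sample data the unrelated log-rotation shell (parent PID 1) is not reported, while both the shell spawned directly by the proxy and the curl it launched are.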