

Ethical Hacking News

Hackers Take Advantage of Critical LiteLLM Pre-Auth SQLi Flaw



Hackers are exploiting a critical vulnerability in LiteLLM, an open-source large-language model gateway, that allows unauthorized access to sensitive data stored in its database. The flaw, tracked as CVE-2026-42208, is an SQL injection issue that occurs during the proxy API key verification step. Users of LiteLLM are advised to upgrade to version 1.83.7 and rotate their virtual API keys and provider credentials to mitigate the risk of exploitation.

  • LiteLLM has been exploited due to an SQL injection vulnerability (CVE-2026-42208), allowing attackers to access sensitive data without authentication.
  • The vulnerability was actively exploited by hackers within 36 hours of its public disclosure on April 24.
  • Researchers observed targeted exploitation attempts that queried specific tables containing API keys, provider credentials, and other sensitive data.
  • The attacker's approach was highly targeted, indicating they knew exactly where the secrets lived; in a second phase they switched IP addresses, likely for evasion, and reran the same injection attempts with fewer, more precise payloads.
  • Sysdig warned that exposed LiteLLM instances should be treated as potentially compromised and advised users to rotate virtual API keys, master keys, and provider credentials.
  • A fix was delivered in LiteLLM version 1.83.7, but a workaround is available for those unable to upgrade yet.
  • The vulnerability highlights the importance of regular security audits and updates, as well as staying vigilant and addressing potential vulnerabilities promptly.



The open-source large-language model (LLM) gateway LiteLLM is affected by a critical vulnerability that is being actively exploited by hackers. The flaw, tracked as CVE-2026-42208, is an SQL injection issue that occurs during LiteLLM's proxy API key verification step. It allows attackers, without authenticating, to read sensitive data stored in the LiteLLM database.

According to the maintainer's security advisory, threat actors could use this vulnerability for "unauthorised access to the proxy and the credentials it manages." LiteLLM is a popular proxy/SDK middleware layer that lets users call AI models through a single unified API. The project has 45k stars and 7.6k forks on GitHub, reflecting its widespread adoption by developers of LLM apps and platforms that manage multiple models.

The vulnerability was disclosed publicly on April 24, and within 36 hours hackers began exploiting it to gain unauthorized access to sensitive data. Researchers at Sysdig observed deliberate, targeted exploitation attempts that sent crafted requests to ‘/chat/completions’ with a malicious ‘Authorization: Bearer’ header. These requests queried specific tables containing API keys, provider credentials, environment data, and configs.

The threat actor's approach was highly targeted: they went straight to where the secrets live, which indicates that they knew exactly what to look for. In the second phase of the attack, the threat actor switched IP addresses, likely for evasion, but reran the same SQL injection attempts with fewer, more precise payloads.
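Added example (not from the original article, Sysdig, or the LiteLLM project): a small detection routine that flags proxy requests whose bearer token could not be a well-formed virtual key, run over constructed access-log lines, and groups the flagged tokens by source IP so that the same payload reappearing from a new address stands out. The log line format, the IP addresses and the key-character allowlist are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (not real LiteLLM output). Assumed format:
# "<src_ip> <method> <path> <status> auth=<Authorization header value>"
SAMPLE_LOG = """\
203.0.113.10 POST /chat/completions 401 auth=Bearer sk-x' OR 1=1--
203.0.113.10 POST /chat/completions 401 auth=Bearer sk-x'; SELECT 1--
198.51.100.7 POST /chat/completions 200 auth=Bearer sk-HJ8k2mP9qLtuv
203.0.113.55 POST /chat/completions 401 auth=Bearer sk-x' OR 1=1--
198.51.100.7 GET /health 200 auth=-
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) auth=(?P<auth>.*)$"
)

# Allowlist (assumed): a well-formed virtual key is one token of key-safe characters.
# Quotes, spaces, semicolons and comment markers can never appear in a valid key.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_.-]+$")

def bearer_token(auth_header):
    """Return the token from an 'Authorization: Bearer <token>' value, else None."""
    if not auth_header.startswith("Bearer "):
        return None
    return auth_header[len("Bearer "):]

def is_suspicious_token(token):
    """True when the token contains characters no valid virtual key would contain."""
    return TOKEN_RE.fullmatch(token) is None

def detect(log_text):
    """Return (ip, path, token) for every request carrying a malformed bearer token."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        token = bearer_token(m["auth"])
        if token is not None and is_suspicious_token(token):
            findings.append((m["ip"], m["path"], token))
    return findings

def payloads_by_source(findings):
    """Group distinct malformed tokens per source IP; shared tokens reveal an IP switch."""
    grouped = defaultdict(set)
    for ip, _path, token in findings:
        grouped[ip].add(token)
    return dict(grouped)

if __name__ == "__main__":
    for ip, tokens in payloads_by_source(detect(SAMPLE_LOG)).items():
        print(ip, sorted(tokens))
```

The allowlist check matches on form rather than on known payload strings, so it also catches variants the sample does not contain.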

Sysdig warned that exposed LiteLLM instances running vulnerable versions should be treated as potentially compromised and urged users to rotate the virtual API keys, master keys, and provider credentials stored in internet-exposed LiteLLM instances.

A fix was delivered in LiteLLM version 1.83.7, replacing string concatenation with parameterized queries. For those who cannot upgrade yet, a workaround is suggested: setting ‘disable_error_logs: true’ under ‘general_settings’, which blocks the path through which malicious input reaches the vulnerable query.
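Added example (not LiteLLM's own code): a toy key-verification lookup in the two forms the fix contrasts, a query built by string concatenation and its parameterized replacement, against a constructed in-memory SQLite table. The table and column names, the sample keys and the verify_bearer helper are assumptions.

```python
import sqlite3

def make_db():
    """Constructed in-memory key store standing in for the proxy database (not LiteLLM's schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, owner TEXT)")
    db.executemany(
        "INSERT INTO virtual_keys VALUES (?, ?)",
        [("sk-valid-key-1", "team-a"), ("sk-valid-key-2", "team-b")],
    )
    return db

def lookup_key_concat(db, token):
    """Vulnerable form: the bearer token is spliced into the SQL text (the bug class of the CVE)."""
    sql = "SELECT owner FROM virtual_keys WHERE token = '" + token + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def lookup_key_param(db, token):
    """Fixed form: the token travels as a bound parameter and is never parsed as SQL."""
    row = db.execute("SELECT owner FROM virtual_keys WHERE token = ?", (token,)).fetchone()
    return row[0] if row else None

def verify_bearer(db, auth_header, lookup=lookup_key_param):
    """Return the owner of the key in an 'Authorization: Bearer <token>' header, else None."""
    if not auth_header.startswith("Bearer "):
        return None
    return lookup(db, auth_header[len("Bearer "):])

if __name__ == "__main__":
    db = make_db()
    forged = "Bearer ' OR 1=1--"  # a token that is not a key; only the concatenated query accepts it
    print("concat:", verify_bearer(db, forged, lookup=lookup_key_concat))
    print("param: ", verify_bearer(db, forged))
```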

The discovery of this critical vulnerability highlights the importance of regular security audits and updates in protecting sensitive data stored in open-source software. It also underscores the need for developers to stay vigilant and address potential vulnerabilities promptly, as hackers are increasingly using sophisticated tactics to exploit weaknesses in widely used technologies.

In recent times, supply-chain attacks have become a growing concern, with malicious actors targeting not just individual systems but also entire ecosystems of software packages and tools. The LiteLLM vulnerability falls into this category, where an attacker can use compromised third-party libraries or dependencies to gain access to sensitive data.

As the landscape of cyber threats continues to evolve, it is essential for users to stay informed about emerging vulnerabilities and take proactive measures to protect their systems and data. By doing so, they can minimize the risk of falling victim to attacks like the one targeted at LiteLLM.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Hackers-Take-Advantage-of-Critical-LiteLLM-Pre-Auth-SQLi-Flaw-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-a-critical-litellm-pre-auth-sqli-flaw/

  • https://nvd.nist.gov/vuln/detail/CVE-2026-42208

  • https://www.cvedetails.com/cve/CVE-2026-42208/


  • Published: Tue Apr 28 17:03:31 2026 by llama3.2 3B Q4_K_M