Part of Lyceum Intelligence: deep-research In Focus reports.


[KEV] CVE-2026-42208 -- CVSS 0.0 Vulnerability Briefing

[KEV] CVE-2026-42208 | CVSS 0.0 (Low) | Exploit: Operational

What Is It

CVE-2026-42208 is a SQL injection vulnerability in BerriAI LiteLLM, an open-source LLM proxy framework, that exposes the application's underlying database to unauthorized read and write access.

Technical Detail

The flaw exists in LiteLLM's proxy layer, where user-controlled input is passed into database queries without adequate sanitization or parameterization, allowing an attacker to inject arbitrary SQL statements. Successful exploitation enables an attacker to read sensitive data from the proxy's database, including credentials the proxy manages for downstream LLM API integrations, and potentially to modify stored records. The practical impact includes unauthorized access to the proxy itself and exposure of the third-party API keys or service credentials stored within it, which could be leveraged for further compromise of connected AI services.

Exploitation Status

CISA has confirmed active exploitation in the wild, having added this vulnerability to the Known Exploited Vulnerabilities catalog on May 8, 2026. The exploit maturity is rated Operational, meaning a reliable, functional exploit exists and is being used in real-world attacks rather than existing only as a proof-of-concept demonstration.

Who Is Targeting This

No specific threat actor attribution has been confirmed at this time. Given the nature of the vulnerability and the credentials LiteLLM manages, opportunistic actors targeting AI infrastructure and API key theft are a plausible threat profile, but no named groups or campaigns have been formally attributed to exploitation of this CVE.

What To Do

Per CISA's Known Exploited Vulnerabilities catalog, organizations subject to BOD 22-01 must apply vendor-supplied patches or implement mitigations by the deadline associated with the May 8, 2026 listing. Operators running LiteLLM should update to the latest patched release from BerriAI immediately and review database access logs for anomalous query patterns indicative of SQL injection attempts. As an interim measure, restrict network access to the LiteLLM proxy to trusted hosts only and audit all credentials stored within the proxy database, rotating any that may have been exposed. Detection efforts should focus on database query logs for unexpected UNION, SELECT, or stacked query syntax originating from the proxy application layer.
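To illustrate the detection guidance above (and the unparameterized-query mechanism described under Technical Detail), here is an added example that is not part of this briefing or of the LiteLLM project: a small Python scanner over constructed query-log lines that flags UNION, stacked-query and comment-terminator syntax while ignoring those words when they only appear inside a legitimate string literal. The log line format, table names and statements are assumptions made up for the example.

```python
import re

# Constructed sample query-log lines (not from any real LiteLLM deployment).
# "<timestamp> app=<name> sql=<statement>" is an assumed log format.
SAMPLE_LOG = """\
2026-05-09T10:00:01Z app=litellm-proxy sql=SELECT token, spend FROM keys WHERE token = $1
2026-05-09T10:00:02Z app=litellm-proxy sql=UPDATE keys SET spend = spend + $1 WHERE token = $2
2026-05-09T10:00:03Z app=litellm-proxy sql=SELECT * FROM teams WHERE name = 'union square; select'
2026-05-09T10:00:04Z app=litellm-proxy sql=SELECT token FROM keys WHERE alias = '' UNION SELECT api_key FROM credentials --'
2026-05-09T10:00:05Z app=litellm-proxy sql=SELECT id FROM users WHERE id = ''; UPDATE keys SET spend = 0 --'
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) app=(?P<app>\S+) sql=(?P<sql>.*)$")


def strip_string_literals(sql: str) -> str:
    """Replace single-quoted SQL literals (with '' escapes) by a placeholder so
    that keywords inside legitimate data values do not trigger false positives."""
    return re.sub(r"'(?:[^']|'')*'", "'?'", sql)


def classify(sql: str) -> list[str]:
    """Return the suspicious traits found in one logged statement."""
    body = strip_string_literals(sql)
    findings = []
    # A UNION outside any string literal is unexpected for a key/spend lookup.
    if re.search(r"\bUNION\b", body, re.IGNORECASE):
        findings.append("union")
    # A ';' outside a literal followed by more text means a stacked statement.
    if re.search(r";\s*\w", body):
        findings.append("stacked")
    # A line or block comment is how the rest of an original query gets dropped.
    if re.search(r"--|/\*", body):
        findings.append("comment")
    # A quote left over after literal stripping is unbalanced, i.e. injected.
    if body.count("'") % 2:
        findings.append("unbalanced_quote")
    return findings


def scan_log(text: str) -> list[tuple[str, list[str]]]:
    """Parse each log line; return (timestamp, findings) for suspicious ones."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and (findings := classify(m.group("sql"))):
            alerts.append((m.group("ts"), findings))
    return alerts


if __name__ == "__main__":
    for ts, why in scan_log(SAMPLE_LOG):
        print(ts, ", ".join(why))
```

Lines 1 to 3 of the sample are clean (line 3 contains "union" and ";" only inside a literal), while lines 4 and 5 are flagged.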


