[KEV] CVE-2026-42271 -- CVSS 0.0 Vulnerability Briefing
[KEV] CVE-2026-42271 | CVSS 0.0 (Low) | Exploit: Operational
What Is It
CVE-2026-42271 is a command injection vulnerability in BerriAI LiteLLM, an open-source LLM proxy and API management platform, that allows any authenticated user to execute arbitrary operating system commands on the underlying host.
Technical Detail
The flaw permits command injection by authenticated users, including those holding low-privilege internal-user API keys, meaning no elevated permissions are required to trigger the vulnerability. An attacker with a valid low-privilege credential can craft a malicious request that causes the LiteLLM process to execute attacker-controlled commands on the host system, resulting in full remote code execution (RCE). The impact includes complete host compromise, lateral movement potential, and access to any secrets, model configurations, or downstream API credentials accessible to the LiteLLM process.
Exploitation Status
CISA has confirmed active exploitation in the wild, with this vulnerability added to the Known Exploited Vulnerabilities (KEV) catalog on June 8, 2026. The exploit maturity is rated Operational, meaning functional exploit code exists and is being used in real-world attacks, not merely demonstrated in controlled research settings. Organizations running LiteLLM with any externally or internally accessible API surface should treat this as an immediate priority.
Who Is Targeting This
No specific threat actor attribution at this time. No confirmed or reported threat actor association has been established for this vulnerability as of June 10, 2026.
What To Do
Per CISA's binding operational directive associated with the KEV listing on June 8, 2026, federal agencies are required to apply patches or mitigations by the mandated remediation deadline; all organizations should treat this with equivalent urgency. Apply the latest available patch from BerriAI for LiteLLM immediately and verify that the installed version is no longer vulnerable. If patching cannot be completed immediately, restrict access to the LiteLLM API to trusted, explicitly authorized users only, and revoke or audit all existing internal-user API keys for signs of unauthorized issuance. Apply network-level controls to limit exposure of the LiteLLM management interface to internal networks or VPN-gated access. Detection efforts should focus on anomalous process spawning from the LiteLLM service process, unexpected outbound network connections, and API requests containing shell metacharacters or encoded command sequences in user-controlled input fields.
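The detection guidance above, turned into runnable logic, as an added example that is not part of this briefing and not BerriAI or LiteLLM code. It scans JSON-per-line request logs for shell metacharacters and base64-encoded command sequences in structured (non-prompt) request fields, and flags shell processes spawned by the proxy service. The log schema (`ts`, `api_key_id`, `path`, `body`), the free-text field names, and the proxy process name `litellm` are assumptions; the sample log lines and process events are constructed, not real telemetry.

```python
import base64
import json
import re
from typing import Iterable, Iterator

# Shell metacharacters and constructs that rarely belong in structured request
# fields (model names, aliases, metadata keys) of an LLM proxy. Tuned for low
# noise rather than completeness; free-text prompt content is skipped below
# because users legitimately paste shell snippets into prompts.
SHELL_META_RE = re.compile(r"[;|&`$]|>\s*/|\b(?:ba)?sh\s+-c\b")

# Base64-looking runs long enough to hide a short command sequence.
B64_TOKEN_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Assumed field names carrying free-text prompt content; adjust to the schema
# your proxy actually logs.
FREE_TEXT_FIELDS = {"messages", "prompt", "input"}

# Assumed process name(s) the proxy runs under, and shells it should never spawn.
PROXY_PROCESS_NAMES = {"litellm"}
SHELL_NAMES = {"sh", "bash", "dash", "zsh"}


def iter_strings(obj, path: str = "") -> Iterator[tuple[str, str]]:
    """Yield (json_path, value) for every string nested inside a JSON value."""
    if isinstance(obj, dict):
        for key, val in obj.items():
            yield from iter_strings(val, f"{path}.{key}" if path else key)
    elif isinstance(obj, list):
        for idx, val in enumerate(obj):
            yield from iter_strings(val, f"{path}[{idx}]")
    elif isinstance(obj, str):
        yield path, obj


def decoded_b64_hits(value: str) -> list[str]:
    """Return base64 tokens in value that decode to printable text containing shell metacharacters."""
    hits = []
    for tok in B64_TOKEN_RE.findall(value):
        try:
            raw = base64.b64decode(tok, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass; not base64 after all
            continue
        # Only printable ASCII payloads are candidates; random bytes are ignored.
        if raw and all(32 <= b < 127 for b in raw):
            decoded = raw.decode("ascii")
            if SHELL_META_RE.search(decoded):
                hits.append(decoded)
    return hits


def scan_request(record: dict) -> list[dict]:
    """Inspect the structured (non-prompt) fields of one logged request body."""
    findings = []
    for path, value in iter_strings(record.get("body", {})):
        if path.split(".")[0].split("[")[0] in FREE_TEXT_FIELDS:
            continue  # prompt text is noisy by nature; leave it to other controls
        if SHELL_META_RE.search(value):
            findings.append({"field": path, "reason": "shell metacharacters", "value": value})
        for decoded in decoded_b64_hits(value):
            findings.append({"field": path, "reason": "base64-encoded shell sequence", "value": decoded})
    return findings


def scan_request_log(lines: Iterable[str]) -> list[dict]:
    """Run scan_request over JSON-per-line request logs; malformed lines are skipped."""
    alerts = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        for finding in scan_request(rec):
            alerts.append({"ts": rec.get("ts"), "api_key_id": rec.get("api_key_id"),
                           "path": rec.get("path"), **finding})
    return alerts


def scan_process_events(events: Iterable[dict]) -> list[dict]:
    """Flag shell processes whose parent is the proxy service (anomalous spawning)."""
    return [e for e in events
            if e.get("parent_name") in PROXY_PROCESS_NAMES and e.get("name") in SHELL_NAMES]


# Constructed sample data, not real LiteLLM logs or endpoint telemetry.
SAMPLE_REQUEST_LOG = [
    json.dumps({"ts": "2026-06-09T10:00:01Z", "api_key_id": "key_01", "path": "/chat/completions",
                "body": {"model": "gpt-4o",
                         "messages": [{"role": "user", "content": "explain `ls | grep foo`"}]}}),
    json.dumps({"ts": "2026-06-09T10:00:05Z", "api_key_id": "key_internal_07", "path": "/chat/completions",
                "body": {"model": "gpt-4o; id",
                         "messages": [{"role": "user", "content": "hi"}]}}),
    json.dumps({"ts": "2026-06-09T10:00:09Z", "api_key_id": "key_internal_07", "path": "/chat/completions",
                "body": {"model": "gpt-4o",
                         "metadata": {"tag": base64.b64encode(b"echo test; id").decode()},
                         "messages": [{"role": "user", "content": "hi"}]}}),
    "not json at all",
]

SAMPLE_PROCESS_EVENTS = [
    {"ts": "2026-06-09T10:00:05Z", "parent_name": "litellm", "name": "sh"},
    {"ts": "2026-06-09T10:00:06Z", "parent_name": "cron", "name": "sh"},
]

if __name__ == "__main__":
    for alert in scan_request_log(SAMPLE_REQUEST_LOG) + scan_process_events(SAMPLE_PROCESS_EVENTS):
        print(alert)
```

The first sample line produces no alert even though the prompt contains a pipe, because prompt content is deliberately excluded; the second and third lines alert on the model field and on a base64 metadata value respectively, and the process check flags only the shell whose parent is the proxy. Correlating the API key id on the request alerts with the key audit recommended above is the natural next step.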