9.3 / 10 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Description
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.
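The bug class the description refers to, shown as an added example that is not LiteLLM's own code: a hypothetical key lookup that splices the caller's token into the query text beside the parameterised version that fixes it, plus a constructed Bearer-header check that rejects anything not shaped like a key before the database is ever consulted. The table, key format and regex are assumptions for the demonstration, not the project's schema.

```python
import re
import sqlite3

# Constructed in-memory key store standing in for the proxy's database (not LiteLLM's schema).
def make_key_store():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, team TEXT)")
    conn.executemany("INSERT INTO virtual_keys VALUES (?, ?)",
                     [("sk-team-a-0001", "team-a"), ("sk-team-b-0002", "team-b")])
    return conn

def lookup_key_vulnerable(conn, token):
    # The pattern the advisory describes: the caller-supplied key is pasted into the
    # query text, so quote characters in it change the statement the database runs.
    query = f"SELECT token, team FROM virtual_keys WHERE token = '{token}'"
    return conn.execute(query).fetchall()

def lookup_key_fixed(conn, token):
    # The fix: the key travels as a bound parameter and is only ever compared as data.
    query = "SELECT token, team FROM virtual_keys WHERE token = ?"
    return conn.execute(query, (token,)).fetchall()

# Hypothetical defence-in-depth check at the edge: a virtual key has a known shape, so
# anything else in the Authorization header can be refused before any lookup runs.
KEY_RE = re.compile(r"^sk-[A-Za-z0-9_-]{8,128}$")

def bearer_token(authorization_header):
    """Return the token from 'Bearer <token>', or None when the header is malformed or
    the token does not look like a key (the proxy should then answer 401 immediately)."""
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or not KEY_RE.fullmatch(token):
        return None
    return token

if __name__ == "__main__":
    db = make_key_store()
    probe = "x' OR '1'='1"   # constructed: a quote in the key rewrites the query text
    print(lookup_key_vulnerable(db, probe))   # every row: the key check is bypassed
    print(lookup_key_fixed(db, probe))        # []: the same bytes matched only as data
    print(bearer_token("Bearer " + probe))    # None: rejected before reaching the DB
```

In a real deployment the parameterised query is the fix; the header check only narrows what reaches it and is no substitute.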
AI Analysis
SQL injection vulnerability in LiteLLM proxy API key verification, allowing unauthorized access to the proxy and credentials
Basic Information
ID
CVE-2026-42208
Source
GitHub_M
Published
May 8, 2026 at 03:38
Affected Product
Vendor
BerriAI
Product
litellm
Version
>= 1.81.16, < 1.83.7
Affected Versions
BerriAI litellm >= 1.81.16, < 1.83.7
CWE Classification
AI Assessment
AI Score
9.3 / 10
AI Severity
Critical
Vendor
BerriAI
Product
LiteLLM
Version
1.81.16 to 1.83.7