🚨 CRITICAL ALERT: Active Zero-Day Exploits

URGENT: CVE-2026-42208 in LiteLLM, a widely used AI Gateway proxy for LLM APIs, is under active exploitation within 36 hours of disclosure. This pre-auth SQL injection (CVSS 9.3-9.8) allows unauthenticated attackers to steal API keys for OpenAI, Anthropic, and other providers, log sensitive prompts/responses, and chain to RCE. CISA KEV added 2026-05-08. Immediate patching required to prevent full AI stack compromise.

Critical Vulnerabilities (CVSS >= 8.0)

  • CVE-2026-42208 (CVSS: 9.8): LiteLLM proxy server (AI Gateway) for LLM APIs. From version 1.81.16 to before 1.83.7, unauthenticated SQL injection via a crafted Authorization: Bearer header on routes such as POST /chat/completions extracts or modifies database contents, stealing provider credentials and enabling unauthorized proxy access. Exploited in the wild, targeting litellm_credentials tables. Patched in 1.83.7. View NVD | CISA KEV
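To check whether a deployment falls inside the affected range stated above (1.81.16 up to, but not including, 1.83.7), here is an added Python example; it is not part of this advisory or of the LiteLLM project. The version-string parsing, including how a suffix such as "-stable" is ignored, is an assumption made for the example and not a documented LiteLLM versioning rule.

```python
import re
from typing import Optional, Tuple

# Affected range taken from the advisory text: from 1.81.16 up to, but not including, 1.83.7.
AFFECTED_FROM = (1, 81, 16)
FIXED_IN = (1, 83, 7)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Convert a version string such as '1.82.3', 'v1.83.10-stable' or '1.83' into a
    (major, minor, patch) tuple. The optional 'v' prefix and anything after the numeric
    part (for example '-stable') are ignored; that suffix handling is an assumption."""
    m = re.match(r"^v?(\d+(?:\.\d+){0,2})", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    while len(parts) < 3:  # pad '1.83' to (1, 83, 0) so tuples compare component-wise
        parts.append(0)
    return parts[0], parts[1], parts[2]


def is_affected(version: str) -> bool:
    """True if the given LiteLLM version lies inside the advisory's affected range."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def installed_litellm_version() -> Optional[str]:
    """Read the locally installed litellm package version, or None if it is not installed."""
    from importlib.metadata import PackageNotFoundError, version
    try:
        return version("litellm")
    except PackageNotFoundError:
        return None


if __name__ == "__main__":
    current = installed_litellm_version()
    if current is None:
        print("litellm is not installed in this environment")
    else:
        verdict = "AFFECTED - upgrade now" if is_affected(current) else "not in affected range"
        print(f"litellm {current}: {verdict}")
```

Run it inside the virtual environment or container image that serves the proxy; a version read from a developer workstation says nothing about what is deployed.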

⚡ Immediate Actions Required

  • Patch NOW: Upgrade to LiteLLM v1.83.10-stable or later.
  • Rotate ALL API keys stored in LiteLLM (OpenAI, Anthropic, etc.).
  • Scan logs since April 26, 2026 for requests from IP 65.111.27.132 and for SQL injection attempts in Authorization headers.
  • Restrict network access to LiteLLM proxy; deploy WAF rules blocking SQLi in headers.
  • Monitor for anomalous LLM usage, credential replay, or RCE indicators (chained with CVE-2026-42203).
  • If unpatchable, discontinue use per CISA BOD 22-01.
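To make the log-review step above repeatable, here is an added Python example (not the advisory's or the LiteLLM project's own code) that scans structured proxy access logs for the two things the list asks for: requests from the published indicator IP, and Authorization: Bearer values that do not look like an API key. The JSON-lines log format, its field names, the sample entries and the assumption that a legitimate key contains only letters, digits, dots, underscores and hyphens are all constructed for the example; the non-indicator addresses are RFC 5737 documentation ranges, and only the indicator IP and the April 26, 2026 start date come from the alert.

```python
import json
import re
from datetime import datetime, timezone
from typing import Any, Dict, Iterable, List

# Indicators taken from the alert text.
IOC_IP = "65.111.27.132"
WINDOW_START = datetime(2026, 4, 26, tzinfo=timezone.utc)

# Assumption: a legitimate bearer token/virtual key uses only this alphabet.
TOKEN_RE = re.compile(r"^[A-Za-z0-9._\-]+$")
# Generic heuristic for SQL metacharacters and keywords that a key should never contain.
SQLI_HINT_RE = re.compile(r"['\";]|--|/\*|\b(?:union|select)\b", re.IGNORECASE)

# Constructed sample log (JSON lines). Addresses other than the indicator are documentation ranges.
SAMPLE_LOG = """\
{"ts": "2026-05-01T10:00:00Z", "client_ip": "203.0.113.10", "method": "POST", "path": "/chat/completions", "authorization": "Bearer sk-constructed-benign-key-0001"}
{"ts": "2026-05-01T10:00:05Z", "client_ip": "65.111.27.132", "method": "POST", "path": "/chat/completions", "authorization": "Bearer sk-constructed-benign-key-0002"}
{"ts": "2026-05-01T10:00:09Z", "client_ip": "198.51.100.7", "method": "POST", "path": "/chat/completions", "authorization": "Bearer sk-x' UNION SELECT 1--"}
{"ts": "2026-04-20T08:00:00Z", "client_ip": "65.111.27.132", "method": "GET", "path": "/health", "authorization": "Bearer sk-constructed-benign-key-0003"}
{"ts": "2026-05-02T12:00:00Z", "client_ip": "192.0.2.44", "method": "POST", "path": "/chat/completions"}
not json at all
"""


def bearer_value(auth_header: Any) -> Any:
    """Return the token part of 'Bearer <token>', or None if the header is absent or uses another scheme."""
    if not auth_header:
        return None
    scheme, _, token = str(auth_header).strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    return token.strip()


def classify(event: Dict[str, Any]) -> List[str]:
    """Return the reasons one parsed event is suspicious (empty list means nothing was found)."""
    reasons: List[str] = []
    ts = datetime.fromisoformat(str(event["ts"]).replace("Z", "+00:00"))
    if ts < WINDOW_START:  # outside the review window named in the alert
        return reasons
    if event.get("client_ip") == IOC_IP:
        reasons.append("source IP matches published indicator")
    token = bearer_value(event.get("authorization"))
    if token is not None:  # unauthenticated requests carry no token to inspect
        if not TOKEN_RE.match(token):
            reasons.append("bearer token contains characters outside the expected key alphabet")
        if SQLI_HINT_RE.search(token):
            reasons.append("bearer token contains SQL metacharacters or keywords")
    return reasons


def scan(lines: Iterable[str]) -> List[Dict[str, Any]]:
    """Scan JSON-lines access log records; unparseable lines are reported rather than skipped."""
    findings: List[Dict[str, Any]] = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            findings.append({"line": n, "client_ip": None, "path": None, "reasons": ["unparseable log line"]})
            continue
        reasons = classify(event)
        if reasons:
            findings.append({"line": n, "client_ip": event.get("client_ip"),
                             "path": event.get("path"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(f"line {hit['line']:>4}  {hit['client_ip'] or '-':<15}  {hit['path'] or '-':<20}  {'; '.join(hit['reasons'])}")
```

Against real exports, pass the file's lines to scan(). The alphabet check is the broader signal: it fires on anything that is not shaped like a key, whereas the keyword heuristic only confirms the SQL flavour, so review both reasons rather than relying on the keyword list alone. A hit on the indicator IP with a well-formed token still warrants credential rotation, since the list above assumes stored keys may already be exposed.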

Threat actors have full chains to backdoor AI gateways. Act before compromise.