CVE-2026-42208: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in BerriAI litellm
CVE-2026-42208 is a critical SQL injection vulnerability in BerriAI's LiteLLM proxy server versions 1. 81. 16 up to but not including 1. 83. 7. The vulnerability arises because the proxy improperly incorporates user-supplied API key values directly into a database query string instead of using parameterized queries. An unauthenticated attacker can exploit this by sending a crafted Authorization header to any LLM API route, triggering the vulnerable query via the proxy's error-handling path. Successful exploitation could allow the attacker to read and potentially modify the proxy's database contents, including sensitive credentials. This issue has been fixed in version 1. 83.
AI Analysis
Technical Summary
LiteLLM, a proxy server for LLM APIs, contained an SQL injection vulnerability (CWE-89) in versions 1.81.16 through 1.83.6. The vulnerability occurs because the proxy's database query for API key validation concatenates the caller-supplied key directly into the SQL statement rather than using parameterized queries. An unauthenticated attacker can exploit this by sending a specially crafted Authorization header to any LLM API endpoint, reaching the vulnerable query through the error-handling path. This can lead to unauthorized reading and modification of the proxy's database, potentially compromising access credentials. The vulnerability is addressed in version 1.83.7.
Potential Impact
The vulnerability allows unauthenticated attackers to perform SQL injection attacks against the LiteLLM proxy server's database. This can lead to unauthorized disclosure and modification of sensitive data, including proxy credentials, which may result in unauthorized access to the proxy and its managed resources. The CVSS 4.0 base score is 9.3, indicating a critical severity with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
A patch fixing this vulnerability is available in LiteLLM version 1.83.7. Users should upgrade to version 1.83.7 or later to remediate this issue. Since this is not a cloud service, remediation depends on applying the vendor's update. Patch status is not explicitly stated beyond the version fix, so users should consult the vendor's advisory or release notes for confirmation and further guidance.
CVE-2026-42208: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in BerriAI litellm
Description
CVE-2026-42208 is a critical SQL injection vulnerability in BerriAI's LiteLLM proxy server versions 1. 81. 16 up to but not including 1. 83. 7. The vulnerability arises because the proxy improperly incorporates user-supplied API key values directly into a database query string instead of using parameterized queries. An unauthenticated attacker can exploit this by sending a crafted Authorization header to any LLM API route, triggering the vulnerable query via the proxy's error-handling path. Successful exploitation could allow the attacker to read and potentially modify the proxy's database contents, including sensitive credentials. This issue has been fixed in version 1. 83.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
LiteLLM, a proxy server for LLM APIs, contained an SQL injection vulnerability (CWE-89) in versions 1.81.16 through 1.83.6. The vulnerability occurs because the proxy's database query for API key validation concatenates the caller-supplied key directly into the SQL statement rather than using parameterized queries. An unauthenticated attacker can exploit this by sending a specially crafted Authorization header to any LLM API endpoint, reaching the vulnerable query through the error-handling path. This can lead to unauthorized reading and modification of the proxy's database, potentially compromising access credentials. The vulnerability is addressed in version 1.83.7.
Potential Impact
The vulnerability allows unauthenticated attackers to perform SQL injection attacks against the LiteLLM proxy server's database. This can lead to unauthorized disclosure and modification of sensitive data, including proxy credentials, which may result in unauthorized access to the proxy and its managed resources. The CVSS 4.0 base score is 9.3, indicating a critical severity with network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
Mitigation Recommendations
A patch fixing this vulnerability is available in LiteLLM version 1.83.7. Users should upgrade to version 1.83.7 or later to remediate this issue. Since this is not a cloud service, remediation depends on applying the vendor's update. Patch status is not explicitly stated beyond the version fix, so users should consult the vendor's advisory or release notes for confirmation and further guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-25T05:04:37.027Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fd5dbdcbff5d86108b645b
Added to database: 5/8/2026, 3:51:25 AM
Last enriched: 5/8/2026, 4:06:55 AM
Last updated: 5/8/2026, 9:20:29 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.