Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw

A critical SQL injection vulnerability (CVE-2026-42208) in the LiteLLM proxy's API key verification lets unauthenticated attackers send a crafted Authorization header to any LLM route and read or modify the proxy database. Active, targeted exploitation began about 36 hours after disclosure: operators sent malicious Authorization: Bearer headers to /chat/completions to extract API keys and provider credentials. LiteLLM 1.83.7 fixes the bug by using parameterized queries; maintainers recommend rotating keys and, where an immediate upgrade is not possible, applying the configuration workaround. #LiteLLM #CVE-2026-42208

Keypoints

  • LiteLLM contains an unauthenticated SQL injection in the proxy API key verification step exploitable via a crafted Authorization header.
  • An attacker can read and modify the proxy database, exposing API keys, virtual/master keys, provider credentials, and environment secrets.
  • Researchers observed targeted exploitation about 36 hours after disclosure, with requests to /chat/completions using malicious Authorization: Bearer headers.
  • LiteLLM 1.83.7 fixes the issue by replacing string concatenation with parameterized queries; upgrading is the primary remediation.
  • Operators should rotate all exposed keys and, if unable to upgrade immediately, set disable_error_logs: true under general_settings as a temporary mitigation.
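The bug class the fix describes (a bearer token concatenated into the SQL text of the key lookup, replaced by a parameterized query) is illustrated below. This is an added example written for this page, not LiteLLM's code, schema or the vulnerable function itself: the `virtual_keys` table, the `bearer_token`/`lookup_key_*` helpers and the in-memory sqlite3 database are all assumptions, and the `is_suspicious_bearer` check is a simple triage heuristic for proxy access logs, not a detection rule from the article.

```python
import re
import sqlite3

# Constructed stand-in for a proxy key table; NOT LiteLLM's real schema.
SCHEMA = """
CREATE TABLE virtual_keys (
    token      TEXT PRIMARY KEY,
    team       TEXT,
    max_budget REAL
);
"""
SEED = [("sk-valid-key", "team-a", 100.0)]  # constructed sample row


def make_db():
    """Fresh in-memory database seeded with one virtual key."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO virtual_keys VALUES (?, ?, ?)", SEED)
    return conn


def bearer_token(authorization_header):
    """Return the token from 'Authorization: Bearer <token>', or None if malformed."""
    scheme, _, token = authorization_header.strip().partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def lookup_key_vulnerable(conn, authorization_header):
    """Pre-auth key lookup with the token concatenated into the SQL string.

    Any row-matching tautology in the bearer value ("' OR '1'='1") makes the
    WHERE clause true for the first key in the table, so the caller is
    'authenticated' without knowing a key. Kept deliberately broken to show
    the bug class; do not copy.
    """
    token = bearer_token(authorization_header)
    if token is None:
        return None
    sql = ("SELECT token, team, max_budget FROM virtual_keys "
           "WHERE token = '" + token + "'")          # BUG: string concatenation
    return conn.execute(sql).fetchone()


def lookup_key_fixed(conn, authorization_header):
    """Same lookup with a bound parameter: the token is data, never SQL text."""
    token = bearer_token(authorization_header)
    if token is None:
        return None
    sql = "SELECT token, team, max_budget FROM virtual_keys WHERE token = ?"
    return conn.execute(sql, (token,)).fetchone()


# Assumed triage heuristic: a legitimate key is a single opaque token, so
# quotes, comment markers or SQL keywords in the bearer value are worth a look.
_SUSPICIOUS = re.compile(r"""['";]|--|/\*|\b(or|and|union|select|update|insert|delete|drop)\b""",
                         re.IGNORECASE)


def is_suspicious_bearer(authorization_header):
    """True when the bearer value looks like an injection attempt rather than a key."""
    token = bearer_token(authorization_header)
    return bool(token) and _SUSPICIOUS.search(token) is not None


if __name__ == "__main__":
    payload = "Bearer ' OR '1'='1"                   # constructed tautology header
    print("vulnerable:", lookup_key_vulnerable(make_db(), payload))   # returns the seeded key
    print("fixed:     ", lookup_key_fixed(make_db(), payload))        # returns None
    print("flagged:   ", is_suspicious_bearer(payload))               # True
```

The two lookups differ only in whether the token is spliced into the statement or bound as a parameter; that single change is what "replacing string concatenation with parameterized queries" means in practice. The heuristic is deliberately coarse (it will also flag a key that happens to contain a quote) and is meant for triaging access logs after the fact, not as a substitute for the upgrade.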

Read More: https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-a-critical-litellm-pre-auth-sqli-flaw/