LiteLLM Vulnerability Exploited Shortly After Disclosure, Exposing Sensitive Data
A critical vulnerability in the LiteLLM AI gateway was exploited shortly after its disclosure, allowing attackers to read sensitive database tables. The flaw, identified as CVE-2026-42208, is an SQL injection in the proxy's API key verification path: an unauthenticated attacker can reach the database by sending crafted Authorization headers, potentially leaking stored credentials. The first attacks were observed 36 hours after the advisory was indexed in the GitHub Advisory database. Attackers targeted tables containing API keys and provider credentials, although no further exploitation of the extracted data has been reported.
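The root cause described above, a key-verification lookup that splices header text into SQL, is illustrated below with an added example that is not LiteLLM's code and uses a hypothetical in-memory key table. It shows the vulnerable pattern next to the hardened one: the hardened lookup parses the Bearer token, hashes it, and queries with a bound parameter, so the header content is never interpreted as SQL.

```python
import hashlib
import sqlite3
from typing import Optional

# Constructed sample key store (hypothetical schema, not the gateway's real one).
SAMPLE_KEYS = {
    "sk-live-1234567890abcdef": "user-alice",
    "sk-live-fedcba0987654321": "user-bob",
}


def hash_token(token: str) -> str:
    """Store only a digest so a leaked table does not hand out usable keys."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    """Build the constructed key table. The plaintext column exists only so the
    vulnerable lookup below has something to match; a real store keeps the hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE api_keys (token TEXT, token_hash TEXT PRIMARY KEY, user_id TEXT)"
    )
    for tok, user in SAMPLE_KEYS.items():
        conn.execute("INSERT INTO api_keys VALUES (?, ?, ?)", (tok, hash_token(tok), user))
    conn.commit()
    return conn


def parse_bearer(header: Optional[str]) -> Optional[str]:
    """Accept only 'Bearer <token>'; reject other schemes and empty tokens."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return None
    return token


def verify_key_vulnerable(conn: sqlite3.Connection, header: Optional[str]) -> Optional[str]:
    """ANTI-PATTERN: the Authorization header is interpolated into the query text,
    so any quote or SQL syntax in it changes the statement the database runs."""
    token = parse_bearer(header)
    if token is None:
        return None
    row = conn.execute(
        f"SELECT user_id FROM api_keys WHERE token = '{token}'"
    ).fetchone()
    return row[0] if row else None


def verify_key_hardened(conn: sqlite3.Connection, header: Optional[str]) -> Optional[str]:
    """Hash the presented token and bind it as a parameter: the header is data,
    never SQL, and only a digest is compared against the table."""
    token = parse_bearer(header)
    if token is None:
        return None
    row = conn.execute(
        "SELECT user_id FROM api_keys WHERE token_hash = ?", (hash_token(token),)
    ).fetchone()
    return row[0] if row else None


def run_demo() -> dict:
    """Exercise both lookups on a valid key and on a token containing a quote."""
    conn = make_db()
    quoted = "Bearer sk-o'brien"  # constructed: a quote that is not an attack, just malformed input
    try:
        vulnerable_quote = verify_key_vulnerable(conn, quoted)
    except sqlite3.OperationalError:
        vulnerable_quote = "query broken by header content"
    return {
        "hardened_valid": verify_key_hardened(conn, "Bearer sk-live-1234567890abcdef"),
        "hardened_quote": verify_key_hardened(conn, quoted),
        "hardened_wrong_scheme": verify_key_hardened(conn, "Basic sk-live-1234567890abcdef"),
        "vulnerable_valid": verify_key_vulnerable(conn, "Bearer sk-live-1234567890abcdef"),
        "vulnerable_quote": vulnerable_quote,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value!r}")
```

The single quote in the constructed token is enough to change the statement the vulnerable lookup executes, which is the same class of defect the advisory describes; the hardened lookup simply finds no matching hash. Beyond parameterisation, storing hashes rather than raw keys limits what an attacker gains even if a table is read, which is the exposure reported here.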