SQL Injection in BerriAI LiteLLM (CVE‑2026‑42208) Added to CISA KEV Catalog – Active Exploitation Threatens Enterprises
What It Is – A newly disclosed SQL‑injection flaw (CVE‑2026‑42208) affects BerriAI LiteLLM, an AI‑driven large‑language‑model inference service. The vulnerability allows an unauthenticated attacker to inject arbitrary SQL commands into the backend database, potentially exposing or modifying data.
Exploitability – CISA’s KEV Catalog entry confirms that the vulnerability is being actively exploited in the wild. Defenders should not wait for a public proof‑of‑concept; threat actors are already leveraging the flaw. The CVSS score (not yet published) is expected to be ≥ 7.5, placing it in the High severity range.
Affected Products – BerriAI LiteLLM (all versions prior to the vendor‑issued patch). The service is typically delivered as a cloud‑hosted API used by SaaS platforms, internal applications, and third‑party integrations.
TPRM (Third‑Party Risk Management) Impact –
- Third‑party AI services embedded in critical business workflows become a direct attack surface.
- A successful exploit can lead to unauthorized data access, manipulation of model outputs, or lateral movement into downstream systems.
Recommended Actions –
- Prioritize remediation of CVE‑2026‑42208 across all environments that consume BerriAI LiteLLM.
- Apply the vendor‑released patch or, if unavailable, block outbound traffic to the vulnerable endpoint until mitigation is in place.
- Conduct a rapid inventory of all applications and services that integrate the LiteLLM API to assess exposure.
- Update vulnerability‑management tooling to flag KEV‑listed CVEs as “high‑priority” for remediation.
- Review and harden input validation and the use of parameterized queries in any custom wrappers around the LiteLLM API.
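One way to carry out the inventory and KEV‑flagging actions above, as an added example that is not part of the CISA advisory or any vendor tooling: cross‑reference a component inventory against an excerpt of the KEV feed and rank the hits by remediation due date. The JSON field names follow the shape of CISA's published KEV feed; the catalog entries, inventory, application names and due date below are constructed for illustration.

```python
import json
from datetime import date, datetime

# Constructed excerpt in the shape of CISA's KEV JSON feed; all values are illustrative.
KEV_FEED_JSON = """{
  "vulnerabilities": [
    {"cveID": "CVE-2026-42208", "vendorProject": "BerriAI", "product": "LiteLLM",
     "vulnerabilityName": "BerriAI LiteLLM SQL Injection Vulnerability",
     "dateAdded": "2026-05-08", "dueDate": "2026-05-29",
     "requiredAction": "Apply mitigations per vendor instructions or discontinue use."},
    {"cveID": "CVE-0000-00000", "vendorProject": "ExampleCo", "product": "Widget",
     "vulnerabilityName": "Placeholder entry", "dateAdded": "2026-01-01", "dueDate": "2026-01-22",
     "requiredAction": "Apply updates per vendor instructions."}
  ]
}"""

# Constructed inventory of third-party components (hypothetical app and owner names).
INVENTORY = [
    {"app": "support-chatbot", "vendor": "berriai", "product": "litellm ", "owner": "cx-team"},
    {"app": "ticket-router", "vendor": "BerriAI", "product": "LiteLLM", "owner": "ops"},
    {"app": "billing-api", "vendor": "Acme", "product": "Ledger", "owner": "fin"},
]

def _norm(s):
    """Normalise vendor/product strings so casing and stray whitespace do not hide a match."""
    return " ".join(str(s).casefold().split())

def kev_findings(inventory, kev_json, today):
    """Return one finding per (inventory item, KEV entry) whose vendor and product match."""
    by_key = {}
    for entry in json.loads(kev_json)["vulnerabilities"]:
        by_key.setdefault((_norm(entry["vendorProject"]), _norm(entry["product"])), []).append(entry)
    findings = []
    for item in inventory:
        for entry in by_key.get((_norm(item["vendor"]), _norm(item["product"])), []):
            due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date() if entry.get("dueDate") else None
            findings.append({
                "app": item["app"], "owner": item["owner"], "cve": entry["cveID"],
                "priority": "high",  # KEV-listed: high priority regardless of the CVSS score
                "days_until_due": (due - today).days if due else None,
                "overdue": bool(due and due < today),
                "required_action": entry["requiredAction"],
            })
    # Soonest due date first; entries without a due date sort last.
    findings.sort(key=lambda f: f["days_until_due"] if f["days_until_due"] is not None else 10**9)
    return findings

if __name__ == "__main__":
    for f in kev_findings(INVENTORY, KEV_FEED_JSON, date(2026, 5, 10)):
        print(f"{f['priority'].upper()} {f['cve']} {f['app']} ({f['owner']}) "
              f"due in {f['days_until_due']}d overdue={f['overdue']}")
```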
Source: CISA Advisory – CISA Adds One Known Exploited Vulnerability to Catalog (May 08 2026)