Critical SQL Injection (CVE‑2026‑42208) in LiteLLM Python Package Threatens AI Service Supply Chains
What It Is – A critical SQL‑injection flaw (CVE‑2026‑42208) was disclosed in BerriAI’s LiteLLM Python library, a popular component for routing LLM API calls. The vulnerability scores 9.3 (CVSS 3.1) and enables an attacker to inject arbitrary SQL commands into the backend database.
Exploitability – Active exploitation was observed within 36 hours of public disclosure. Proof‑of‑concept code is circulating on underground forums, and threat actors are already targeting vulnerable deployments.
Affected Products – LiteLLM (Python package, versions ≤ 0.7.5). The library is embedded in numerous AI‑as‑a‑Service platforms, internal LLM orchestration tools, and custom SaaS products that rely on third‑party LLM APIs.
TPRM Impact – Because LiteLLM is a shared dependency across many vendors, a compromise can cascade through supply chains, exposing customer data, corrupting model usage logs, and causing service outages for downstream clients.
Recommended Actions –
- Immediately upgrade to LiteLLM 0.7.6 or later, which contains the fix.
- Conduct a rapid inventory of all internal applications and third‑party services that import LiteLLM.
- Review database interaction logs for anomalous queries originating from LiteLLM processes.
- Apply runtime WAF/IDS rules to block typical SQL‑injection payloads targeting the library’s endpoints.
- Communicate the patch requirement to any SaaS partners that may be consuming your APIs.
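One way to support the inventory step, as an added example that is neither the advisory's nor the LiteLLM project's code: it scans requirements / pip-freeze style text for LiteLLM pins, flags exact pins at or below 0.7.5 as vulnerable (0.7.6 being the fixed release named above), and marks floating or absent pins as unresolved so the installed version can be checked directly. The sample lines are constructed.

```python
"""Added example: triage LiteLLM pins in requirements-style files
against the fixed release (0.7.6) named in the advisory."""
import re

FIXED_VERSION = (0, 7, 6)  # first release stated to contain the fix

# Matches "litellm==0.7.5", "LiteLLM[proxy] >= 0.7.0", or a bare "litellm".
_REQ_RE = re.compile(
    r"^\s*(?P<name>[A-Za-z0-9_.-]+)(?:\[[^\]]*\])?\s*"
    r"(?:(?P<op>===|==|>=|<=|~=|!=|<|>)\s*(?P<ver>[0-9][0-9A-Za-z.]*))?"
)

def parse_version(text):
    """'0.7.5' -> (0, 7, 5). Pre-release tags (e.g. 0.7.6rc1) compare as
    the release they precede, which is conservative for this check."""
    nums = [int(n) for n in re.findall(r"\d+", text)][:3]
    return tuple(nums) + (0,) * (3 - len(nums))

def classify(line):
    """Return (status, detail) for a LiteLLM requirement line, else None.
    status: 'vulnerable' (pinned <= 0.7.5), 'fixed' (pinned >= 0.7.6),
    'unresolved' (no exact pin; check the installed version instead)."""
    stripped = line.split("#", 1)[0].strip()  # drop trailing comments
    m = _REQ_RE.match(stripped)
    if not m or m.group("name").lower().replace("_", "-") != "litellm":
        return None
    op, ver = m.group("op"), m.group("ver")
    if op not in ("==", "==="):
        return ("unresolved", stripped)
    if parse_version(ver) < FIXED_VERSION:
        return ("vulnerable", ver)
    return ("fixed", ver)

def scan(text):
    """Classify every line; returns (status, detail) for LiteLLM entries only."""
    return [r for r in (classify(l) for l in text.splitlines()) if r]

# Constructed sample input, not taken from any real deployment.
SAMPLE = """\
requests==2.31.0
litellm==0.7.5            # pinned in an internal orchestration service
LiteLLM[proxy]==0.7.6
litellm>=0.7.0            # floating pin: resolve against the installed version
openai==1.3.0
"""

if __name__ == "__main__":
    for status, detail in scan(SAMPLE):
        print(f"{status:10} {detail}")
```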
Source: The Hacker News