RSS
Last updated: May 13, 2026 at 5:42 AM UTC
All 208 Vulnerability 72 Breach 41 Threat 88 Defense 7
Tag: litellm (2 articles)Clear
vulnerability
CVE-2026-42208
2026-04-28

Hackers raced to exploit a critical LiteLLM flaw 36 hours after disclosure - any attacker who could reach the proxy could read all stored AI API keys (CVE-2026-42208)

LiteLLM, the popular open-source gateway used to centralize API access for OpenAI, Anthropic, and other AI providers, has a critical pre-authentication SQL injection bug that attackers started exploiting just 36 hours after the security advisory went public. The flaw lets anyone who can reach the proxy port read all the API keys stored inside - including master keys, virtual keys, and provider credentials. The bug was in the bearer-token check: the token was concatenated into a SQL query instead of passed as a parameter. Sysdig saw the first attack at 04:24 UTC on April 26, hitting three tables that hold the most valuable secrets.

litellmai-gatewaysql-injectionpre-authopenaianthropiccredential-theftsysdigactively-exploited
Check
If you run any internet-facing LiteLLM proxy, patch to v1.83.7-stable today and treat every API key, virtual key, and stored provider credential as compromised.
Affected
LiteLLM versions 1.81.16 through 1.83.6, internet-reachable on the default proxy port. CVE-2026-42208, CVSS 9.3, pre-auth SQL injection. Blast radius is closer to a full cloud account compromise than a typical web app bug because LiteLLM holds OpenAI, Anthropic, and AWS Bedrock credentials.
Fix
Patch to LiteLLM v1.83.7-stable. If you can't upgrade, set 'disable_error_logs: true' under 'general_settings' as a workaround. Rotate every virtual key, master key, and upstream provider credential. Audit upstream provider billing for unexpected API calls since April 24. Block traffic from 65.111.27.132 and 65.111.25.67 (AS200373).
threat
CVE-2026-33634
2026-03-27

TeamPCP's 9-day supply chain rampage - Trivy to LiteLLM to Checkmarx to Telnyx

One group, four major compromises, nine days. TeamPCP started by backdooring Aqua Security's Trivy vulnerability scanner on March 19 - then used the stolen CI/CD credentials to poison LiteLLM, Checkmarx tools, and Telnyx one after another. Each compromised tool handed them the keys to the next target. They've now partnered with the Vect ransomware gang to turn stolen access into extortion.

teampcpsupply-chaintrivylitellmcheckmarxtelnyxpypiransomware
Check
Audit any CI/CD pipeline that used Trivy, LiteLLM, or Telnyx between March 19-27.
Affected
Trivy (compromised tags March 19), LiteLLM 1.82.7-1.82.8, Checkmarx KICS GitHub Actions (March 23), Telnyx 4.87.1-4.87.2.
Fix
Pin all open-source dependencies to exact versions. Rotate all credentials exposed in affected pipelines. Treat affected environments as fully compromised.