PT-2026-35643 · Litellm · Litellm
Jaydns · Published 2026-04-24 · Updated 2026-06-12
CVE-2026-42208 · CVSS v3.1 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
LiteLLM versions 1.81.16 through 1.83.6

Description
An unauthenticated SQL injection exists in the proxy API key verification process. The issue occurs because a database query mixed caller-supplied key values directly into the query text instead of using parameterized queries. An attacker can exploit this by sending a specially crafted Authorization header to any LLM API route, such as 'POST /chat/completions', reaching the vulnerable query through the proxy's error-handling path. This allows an attacker to read or modify data within the proxy's database, potentially leading to unauthorized access to the proxy and the credentials it manages, including OpenAI, Anthropic, and AWS Bedrock keys. Real-world incidents occurred within 36 hours of disclosure, where attackers used UNION SELECT payloads to target tables such as litellm credentials, LiteLLM_VerificationToken, and litellm config.

Recommendations
Update LiteLLM to version 1.83.7 or higher. As a temporary workaround, set disable_error_logs: true under general_settings to remove the path that allows unauthenticated input to reach the vulnerable query. Revoke and regenerate all AI API keys and audit IAM roles for unauthorized invocations if the instance was publicly exposed.
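As an added illustration (not LiteLLM's code and not the patched query), the Python below shows the two defender-side controls implied by the root cause above: a parameterized key lookup with a format gate in front of it, and a triage pass over constructed proxy log lines for Authorization headers that carry SQL syntax instead of a key. The table, the key format and the log format are assumptions made for the example.

```python
import re
import sqlite3

# Constructed stand-in for a proxy key table; not LiteLLM's schema.
SAMPLE_KEYS = [("sk-1234abcd", "team-a", 0), ("sk-deadbeef", "team-b", 1)]

# Expected shape of a virtual key: "sk-" plus a bounded alphanumeric body (assumption).
KEY_RE = re.compile(r"^sk-[A-Za-z0-9_-]{4,128}$")

# Tokens that carry SQL syntax rather than key characters.
SUSPICIOUS = re.compile(r"(?i)(union\s+select|'|--|/\*|;)")

# Constructed access-log lines in an invented format that records the header.
SAMPLE_LOG = [
    "2026-04-25T01:02:03Z src=203.0.113.5 authorization=Bearer sk-1234abcd path=/chat/completions status=200",
    "2026-04-25T01:02:09Z src=198.51.100.7 authorization=Bearer sk-x' UNION SELECT 1,2-- path=/chat/completions status=401",
]


def build_db():
    """Create an in-memory table holding the sample keys."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE verification_token (token TEXT PRIMARY KEY, team TEXT, blocked INT)")
    db.executemany("INSERT INTO verification_token VALUES (?, ?, ?)", SAMPLE_KEYS)
    return db


def lookup_key(db, token):
    """Hardened lookup: reject malformed tokens up front, then bind the value as a parameter.

    The token never becomes part of the SQL text, so quotes or UNION inside it are inert.
    Returns (token, team) for a valid, unblocked key, else None.
    """
    if not KEY_RE.fullmatch(token):
        return None
    return db.execute(
        "SELECT token, team FROM verification_token WHERE token = ? AND blocked = 0",
        (token,),
    ).fetchone()


def triage_auth_headers(log_lines):
    """Return (line_no, token) pairs for bearer tokens that look like SQL rather than a key."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r"authorization=Bearer\s+(.+?)\s+path=", line)
        if m and not KEY_RE.fullmatch(m.group(1)) and SUSPICIOUS.search(m.group(1)):
            hits.append((n, m.group(1)))
    return hits
```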

Tags: Fix · RCE · LPE · SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-42208
ECHO-979C-CCDF-DDA8
GHSA-R75F-5X8P-QVMC

Affected Products

Litellm