General Critical 29 April 2026

Critical LiteLLM SQL Injection (CVE-2026-42208) Actively Exploited Post-Disclosure

Why it matters: Indian organizations using LiteLLM must immediately patch or apply mitigations to prevent active exploitation of this critical SQL injection vulnerability.

A critical SQL injection vulnerability (CVE-2026-42208) in BerriAI's LiteLLM Python package has been disclosed. The flaw, with a CVSS score of 9.3, allows threat actors to modify underlying databases. Exploitation in the wild began within 36 hours of the vulnerability becoming public knowledge.

Source: The Hacker News
