
U.S. CISA Adds a Flaw in BerriAI LiteLLM to Its Known Exploited Vulnerabilities Catalog
Key Takeaways
- CVE-2026-42208 carries a CVSS base score of 9.3 (critical)
- Exploitation attempts were observed within 36 hours of disclosure
- SQL injection in the API-key check gives unauthenticated attackers access to the LiteLLM proxy database
- Fix released in version 1.83.7 on April 19, 2026
- CISA mandates federal remediation by May 11, 2026
Pulse Analysis
The Cybersecurity and Infrastructure Security Agency (CISA) has added the BerriAI LiteLLM flaw CVE‑2026‑42208 to its Known Exploited Vulnerabilities (KEV) catalog. With a CVSS base score of 9.3 the vulnerability is rated critical, and it sits in a component many organizations place directly in front of their large‑language‑model (LLM) providers: the LiteLLM proxy. Under Binding Operational Directive 22‑01, federal civilian executive branch agencies must remediate KEV entries by the listed due date, and inclusion itself signals that the flaw is already being exploited in the wild. By flagging the issue, CISA pushes both public and private sectors to prioritize remediation before the May 11, 2026 deadline.
The vulnerability resides in LiteLLM’s proxy API‑key verification routine, where the supplied key is concatenated directly into an SQL statement instead of being bound as a parameter. Because the flaw sits in the authentication check itself, an attacker needs no valid key: a crafted Authorization header is enough to execute arbitrary queries against the proxy’s backend database. Researchers from Sysdig observed a targeted enumeration of three high‑value tables (virtual API keys, stored provider credentials, and environment‑variable configuration) within 36 hours of public disclosure. Although no data exfiltration was confirmed, the rapid, precise probing shows how quickly attackers can turn a code flaw into a live threat.
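The pattern described above, shown as an added example that is not LiteLLM's code: a constructed SQLite key table stands in for the proxy's backend, `verify_key_vulnerable` splices the bearer token into the SQL text the way the flawed routine did, and `verify_key_fixed` binds it as a parameter. Table and column names, the two payloads, and the use of SQLite are all assumptions made for the illustration.

```python
import sqlite3

# Added illustration, not LiteLLM code: a constructed in-memory SQLite table standing in
# for a proxy's virtual-key store. Table and column names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, team TEXT, spend REAL)")
    db.executemany(
        "INSERT INTO virtual_keys VALUES (?, ?, ?)",
        [("sk-team-alpha-001", "alpha", 12.5), ("sk-team-beta-002", "beta", 3.0)],
    )
    db.commit()
    return db


def bearer_token(headers):
    """Pull the token out of 'Authorization: Bearer <token>' (header name case-insensitive)."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = value.partition(" ")
    return token.strip() if scheme.lower() == "bearer" else ""


def verify_key_vulnerable(db, headers):
    """Deliberately vulnerable: the caller-controlled token becomes part of the SQL text."""
    token = bearer_token(headers)
    sql = f"SELECT token, team FROM virtual_keys WHERE token = '{token}'"
    return db.execute(sql).fetchall()


def verify_key_fixed(db, headers):
    """Hardened: the token is bound as a parameter, so the engine only ever sees it as data."""
    token = bearer_token(headers)
    return db.execute(
        "SELECT token, team FROM virtual_keys WHERE token = ?", (token,)
    ).fetchall()


# Two constructed payloads: a tautology that matches every key (auth bypass), and a UNION
# that reads the schema catalogue instead of the key table (arbitrary read).
BYPASS = {"Authorization": "Bearer ' OR '1'='1"}
SCHEMA_LEAK = {"Authorization": "Bearer ' UNION SELECT name, sql FROM sqlite_master --"}


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, bypass :", verify_key_vulnerable(db, BYPASS))       # both keys
    print("vulnerable, schema :", verify_key_vulnerable(db, SCHEMA_LEAK))  # CREATE TABLE ...
    print("fixed, bypass      :", verify_key_fixed(db, BYPASS))            # []
    print("fixed, schema      :", verify_key_fixed(db, SCHEMA_LEAK))       # []
```

The bypass payload turns the WHERE clause into `token = '' OR '1'='1'`, so the vulnerable lookup returns every key and the caller is authenticated as whichever row the application reads first; the UNION payload reads the schema catalogue through the same query, which is the kind of table enumeration described above. The parameterized version returns nothing for either payload because the quotes and keywords never reach the SQL parser.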
Mitigation is straightforward: upgrade to LiteLLM 1.83.7 or later, released on April 19, 2026, and set `disable_error_logs: true` in the proxy configuration to close the error‑handling path the exploit relies on. Organizations that cannot patch immediately should isolate affected proxies and monitor for the indicators of compromise published by Sysdig. Because the tables that were probed hold virtual API keys and stored provider credentials, any proxy that was reachable while unpatched should be treated as exposed and those secrets rotated after the upgrade. The episode underscores the broader risk of third‑party AI libraries entering production pipelines without rigorous code review. As federal mandates tighten, enterprises should fold KEV monitoring into their vulnerability‑management workflows to keep pace with fast‑moving threats.
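For the "cannot patch immediately" case above, an added example that is not LiteLLM's code and not Sysdig's published indicators: a shape check that rejects any bearer token that does not look like a proxy key before it can reach a database lookup, and the same check run over constructed access-log lines to flag requests worth investigating. The key alphabet in `KEY_RE` and the log format in `SAMPLE_LOG` are assumptions made for the example.

```python
import re

# Added example, not LiteLLM code. The key alphabet below is an assumption: proxy virtual keys
# are conventionally "sk-" followed by a URL-safe random string, so anything else is rejected
# before it can reach a database lookup.
KEY_RE = re.compile(r"^sk-[A-Za-z0-9_-]{8,128}$")

# Metacharacters and keywords that never belong in a key but do in SQL injection payloads.
SQLI_HINT_RE = re.compile(r"['\";]|--|/\*|\b(?:OR|AND|UNION|SELECT|FROM)\b", re.IGNORECASE)


def classify_token(token):
    """'ok' for a well-formed key, 'sqli_suspect' if it carries SQL syntax, else 'malformed'."""
    if KEY_RE.fullmatch(token):
        return "ok"
    if SQLI_HINT_RE.search(token):
        return "sqli_suspect"
    return "malformed"


def precheck_authorization(headers):
    """Gate to run before any key lookup: (allowed, reason). Rejects on shape, not on a blocklist."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, token = value.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer":
        return False, "no_bearer"
    verdict = classify_token(token)
    return verdict == "ok", verdict


# Constructed access-log lines in a made-up format (timestamp method path status auth="<token>");
# a real deployment would log a hash or prefix of the token rather than the value itself.
SAMPLE_LOG = """\
2026-04-20T10:01:02Z POST /chat/completions 200 auth="sk-team-alpha-001"
2026-04-20T10:01:05Z POST /chat/completions 401 auth="sk-short"
2026-04-20T10:01:09Z POST /chat/completions 500 auth="' OR '1'='1"
2026-04-20T10:01:11Z GET /key/info 500 auth="' UNION SELECT name, sql FROM sqlite_master --"
2026-04-20T10:01:15Z POST /chat/completions 200 auth="sk-team-beta-002"
"""

LOG_AUTH_RE = re.compile(r'auth="([^"]*)"')


def scan_log(text):
    """Return (line number, verdict, token) for every request whose token is not a well-formed key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_AUTH_RE.search(line)
        if not m:
            continue
        verdict = classify_token(m.group(1))
        if verdict != "ok":
            findings.append((lineno, verdict, m.group(1)))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The gate is an allowlist on the token's shape, so it does not depend on recognising a particular payload; the `SQLI_HINT_RE` keywords only decide how a rejected request is labelled. It is a stopgap for an exposed proxy, not a substitute for the upgrade, since the underlying query still concatenates its input until 1.83.7 is deployed.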