Critical RCE Flaw in LiteLLM AI Gateway Actively Exploited, CISA Warns
BerriAI disclosed CVE-2026-42271 on May 8, 2026, a command-injection vulnerability in LiteLLM, a widely used open-source AI gateway, affecting all versions from 1.74.2 up to but not including 1.83.7. The flaw, rated CVSS 8.8, resides in two MCP-server preview endpoints that allow authenticated users to execute arbitrary OS-level commands on the host without any sandboxing. By June 9, 2026, CISA had added the vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. When chained with a separate Starlette host-header bypass flaw, CVE-2026-48710, the vulnerability enables unauthenticated remote code execution for anyone able to reach the LiteLLM HTTP interface. Users are urged to upgrade to version 1.83.7 or later immediately and to restrict exposure of the affected endpoints until both vulnerabilities are fully patched.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in