A critical SQL injection vulnerability (CVE-2026-42208) in the open-source AI gateway LiteLLM was exploited shortly after its public disclosure, allowing attackers to access sensitive database information. The flaw, which received a CVSS score of 9.3, has been patched in version 1.83.7, and users are advised to update or disable error logs to mitigate the risk.
The critical-severity SQL injection vulnerability in LiteLLM, identified as CVE-2026-42208, underscores the need for immediate patch management and proactive monitoring of open-source software dependencies, particularly those involved in AI and data handling. With the vulnerability exploited just 36 hours after disclosure, it highlights the importance of rapid response and updating to patched versions (LiteLLM 1.83.7) to prevent unauthorized access to sensitive data, like API keys and credentials. This case reinforces the necessity for robust security measures and quick adaptation to newly disclosed threats in your cybersecurity practices.