EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

Critical LiteLLM pre-auth SQL injection vulnerability exploited soon after disclosure

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-04-29 13:04 UTCUpdated 2026-04-29 15:21 UTC
rss
cveexploitssecurity_advisoriesincident_response
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
BackEvidence (2)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (2 domains)domains are deduped. counts indicate coverage, not truth.
2 top sources shown
Warning: LiteLLM pre-auth SQL injection (CVE-2026-42208), Patch Immediately!
CERT.BE (BE) - Advisories · News · ccb.belgium.be · 2026-04-29 15:21 UTC
limited source diversity in top sources
View all evidence
Overview

A newly disclosed pre-authentication SQL injection vulnerability (CVE-2026-42208) in LiteLLM has been actively exploited shortly after its public announcement. The flaw enables attackers to read and potentially modify data in a LiteLLM proxy's database.

Entities
LiteLLM
Score total
0.99
Momentum 24h
2
Posts
2
Origins
2
Source types
1
Duplicate ratio
0%
Why now
  • The vulnerability was disclosed very recently and is already being exploited in the wild.
  • Security advisories have just been issued urging urgent remediation.
  • Organizations using LiteLLM proxies must act now to mitigate active threats.
Why it matters
  • The vulnerability allows unauthorized access and modification of sensitive data in LiteLLM proxies.
  • Exploitation began rapidly after disclosure, increasing risk to affected systems.
  • Immediate patching is critical to prevent potential breaches and data tampering.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: medium
Recurring claims
  • LiteLLM has a pre-authentication SQL injection vulnerability (CVE-2026-42208) allowing attackers to read and modify proxy database data.
How sources frame it
  • CERT Belgium: neutral
  • SecurityWeek: neutral
All evidence
All evidence
Warning: LiteLLM pre-auth SQL injection (CVE-2026-42208), Patch Immediately!
CERT.BE (BE) - Advisories · ccb.belgium.be · 2026-04-29 15:21 UTC
Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure
SecurityWeek · securityweek.com · 2026-04-29 13:04 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -
Showing 2 / 0
Top publishers (this list)
  • CERT.BE (BE) - Advisories (1)
  • SecurityWeek (1)
Top origin domains (this list)
  • ccb.belgium.be (1)
  • securityweek.com (1)