CISA adds LiteLLM SQL injection vulnerability to KEV catalog

Federal agencies must patch CVE-2026-42208 in BerriAI LiteLLM by 11 May or discontinue use

Summary

  • CISA added CVE-2026-42208, a SQL injection vulnerability in BerriAI LiteLLM, to its Known Exploited Vulnerabilities catalog on 8 May
  • The vulnerability allows attackers to read and potentially modify proxy database data, leading to unauthorised access to managed credentials
  • Federal agencies have until 11 May 2026 to apply vendor mitigations, follow BOD 22-01 guidance, or discontinue product use

The Cybersecurity and Infrastructure Security Agency has added CVE-2026-42208, a SQL injection vulnerability affecting BerriAI LiteLLM, to its Known Exploited Vulnerabilities catalog.

The vulnerability allows attackers to read data from the proxy’s database and potentially modify it, according to CISA’s advisory. This can lead to unauthorised access to the proxy and the credentials it manages.

LiteLLM is an open-source proxy service that provides a unified API for various large language model providers. The tool is commonly used by organisations to manage and route API calls to different LLM services.

Remediation requirements

CISA has set a remediation deadline of 11 May 2026 for federal agencies. Organisations must either apply mitigations according to vendor instructions, follow applicable Binding Operational Directive 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

The vulnerability details are documented in a GitHub security advisory and the National Vulnerability Database.

CISA’s inclusion of this vulnerability in the KEV catalog indicates active exploitation has been observed in the wild, though the agency has not provided specific details about attack campaigns or affected organisations.

Why It Matters

This vulnerability poses significant risk to organisations using LiteLLM to manage AI service credentials and API access. The ability to read and modify proxy database contents could expose sensitive authentication tokens and API keys for multiple LLM services. For CISOs managing AI infrastructure, this represents a potential single point of failure that could compromise access to multiple AI platforms and expose proprietary prompts or model interactions.
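To make the "read and modify proxy database contents" risk concrete, the following is an added illustration of the SQL injection bug class against a constructed, in-memory credential table. It is not LiteLLM's code or schema (the advisory does not say where the flaw lies), and the table name `virtual_keys`, the columns, the sample tokens and the lookup functions are all assumptions made for this example. It places a string-interpolated query beside its parameterised form so the difference in exposure is visible.

```python
import sqlite3

# Constructed stand-in for a proxy's credential store. NOT LiteLLM's schema;
# it exists only so the two query styles can be compared on the same data.
SAMPLE_KEYS = [
    ("sk-aaaa-constructed", "team-alpha", "gpt-4"),
    ("sk-bbbb-constructed", "team-beta", "claude-3"),
    ("sk-cccc-constructed", "ci-runner", "llama-3"),
]


def build_db() -> sqlite3.Connection:
    """Create a fresh in-memory table holding the constructed sample keys."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE virtual_keys "
        "(token TEXT, key_alias TEXT, models TEXT, blocked INTEGER DEFAULT 0)"
    )
    conn.executemany(
        "INSERT INTO virtual_keys (token, key_alias, models) VALUES (?, ?, ?)",
        SAMPLE_KEYS,
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, alias: str) -> list:
    # Untrusted input is spliced into the statement text, so the caller can
    # rewrite the WHERE clause and read rows it was never meant to see.
    sql = f"SELECT token, key_alias FROM virtual_keys WHERE key_alias = '{alias}'"
    return conn.execute(sql).fetchall()


def disable_key_vulnerable(conn: sqlite3.Connection, alias: str) -> int:
    # Same defect on a write path: the filter can be widened to every row,
    # which is the "modify" half of the exposure the advisory describes.
    sql = f"UPDATE virtual_keys SET blocked = 1 WHERE key_alias = '{alias}'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def lookup_safe(conn: sqlite3.Connection, alias: str) -> list:
    # Parameterised: the driver sends the value separately from the statement,
    # so the input is only ever compared as data, never parsed as SQL.
    sql = "SELECT token, key_alias FROM virtual_keys WHERE key_alias = ?"
    return conn.execute(sql, (alias,)).fetchall()


def disable_key_safe(conn: sqlite3.Connection, alias: str) -> int:
    sql = "UPDATE virtual_keys SET blocked = 1 WHERE key_alias = ?"
    cur = conn.execute(sql, (alias,))
    conn.commit()
    return cur.rowcount


def demo() -> dict:
    """Run both query styles against an honest alias and a crafted one."""
    honest = "team-alpha"
    crafted = "x' OR '1'='1"  # constructed tautology, the textbook injection input

    vuln = build_db()
    safe = build_db()
    return {
        "vulnerable_lookup_honest": len(lookup_vulnerable(vuln, honest)),
        "vulnerable_lookup_crafted": len(lookup_vulnerable(vuln, crafted)),
        "vulnerable_disable_crafted": disable_key_vulnerable(vuln, crafted),
        "safe_lookup_honest": len(lookup_safe(safe, honest)),
        "safe_lookup_crafted": len(lookup_safe(safe, crafted)),
        "safe_disable_crafted": disable_key_safe(safe, crafted),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:28} {value}")
```

Running the block shows the interpolated lookup returning every stored token for the crafted alias and the interpolated update touching every row, while the parameterised versions match nothing. The mitigation the advisory points to is the vendor patch; for code you own, the parameterised form is the general fix, and database-side least privilege (a proxy account that cannot read or alter key material it does not need) limits what any remaining injection can reach.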

What To Do Now

  • Check if your organisation uses BerriAI LiteLLM proxy services
  • Apply vendor mitigations according to the GitHub security advisory if using the product
  • Follow BOD 22-01 guidance for cloud services if applicable to your deployment
  • Discontinue use of LiteLLM if mitigations are unavailable or cannot be implemented by the deadline
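The first two steps above (find out whether LiteLLM is deployed, then check it against the advisory) are tedious across many repositories. The script below is an added helper, not code from the page or from the LiteLLM project: it walks a directory tree for dependency manifests and Dockerfiles, extracts every `litellm` requirement, and classifies each against a fixed version you supply. The page does not state the patched version, so `FIXED_VERSION_PLACEHOLDER` must be replaced with the version named in the GitHub security advisory; the manifest filename patterns, the constructed sample files in `demo()`, and the status labels are assumptions made for this example.

```python
import re
import tempfile
from pathlib import Path

# PLACEHOLDER: the patched version is not on this page; take it from the
# GitHub security advisory for CVE-2026-42208 before relying on the output.
FIXED_VERSION_PLACEHOLDER = "0.0.0"

# Assumed set of files that commonly pin Python dependencies or install them.
MANIFEST_GLOBS = ("requirements*.txt", "pyproject.toml", "Dockerfile*",
                  "docker-compose*.yml", "*.lock")

# Matches "litellm", "litellm[proxy]==1.2.3", "litellm>=1.2", also inside a
# Dockerfile "RUN pip install ..." line. The lookahead rejects names that merely
# start with litellm (e.g. litellm_config.yaml).
PIN_RE = re.compile(
    r"(?i)\blitellm(?:\[[^\]]*\])?(?![\w\-])"
    r"\s*(?:(==|>=|~=|<=|!=|<|>)\s*([0-9]+(?:\.[0-9]+)*))?"
)


def version_tuple(v: str) -> tuple:
    return tuple(int(p) for p in v.split("."))


def is_below(version: str, fixed: str) -> bool:
    """True if version < fixed, padding shorter tuples with zeros."""
    a, b = version_tuple(version), version_tuple(fixed)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def classify(op, ver, fixed: str) -> str:
    if ver is None:
        return "unpinned"            # resolve with `pip show litellm` on the host
    if op == "==":
        return "vulnerable" if is_below(ver, fixed) else "ok"
    if op in (">=", "~=", ">"):
        # A floor below the fix may still resolve to a patched release;
        # the lock file or installed version decides.
        return "floor_below_fix" if is_below(ver, fixed) else "ok"
    return "review"                  # ceilings / exclusions need a human look


def scan_text(source: str, text: str, fixed: str) -> list:
    """Return one finding dict per LiteLLM reference in the given file text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]          # drop trailing comments
        for m in PIN_RE.finditer(code):
            findings.append({
                "source": source,
                "line": lineno,
                "spec": m.group(0).strip(),
                "status": classify(m.group(1), m.group(2), fixed),
            })
    return findings


def scan_tree(root: Path, fixed: str) -> list:
    findings = []
    for pattern in MANIFEST_GLOBS:
        for path in sorted(root.rglob(pattern)):
            try:
                text = path.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue
            findings.extend(scan_text(str(path.relative_to(root)), text, fixed))
    return findings


def demo(fixed: str = "1.50.0") -> list:
    """Scan a constructed tree; the fixed version here is a made-up sample."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "svc-a").mkdir()
        (root / "svc-a" / "requirements.txt").write_text(
            "requests==2.31.0\nlitellm[proxy]==1.40.2  # constructed\n")
        (root / "svc-b").mkdir()
        (root / "svc-b" / "Dockerfile").write_text(
            "FROM python:3.11\nRUN pip install litellm>=1.41\n")
        (root / "svc-c").mkdir()
        (root / "svc-c" / "requirements.txt").write_text(
            "litellm_config.yaml\nlitellm\n")
        return scan_tree(root, fixed)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['status']:16} {f['source']}:{f['line']}  {f['spec']}")
```

Point `scan_tree` at a checkout root with the real fixed version to get a per-repository list; anything reported as `unpinned` or `floor_below_fix` still needs the resolved version confirmed on the running host, because a manifest floor says nothing about what was actually installed.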
