Dossier
CVE-2026-42208
Coverage of CVE-2026-42208 in the Nexus archive.
- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
A critical SQL injection vulnerability (CVE-2026-42208) in BerriAI's LiteLLM Python package was exploited in the wild within 36 hours of disclosure. The flaw, with a CVSS score of 9.3, allows attackers to modify underlying data through SQL injection attacks.
- Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are exploiting a critical pre-authentication SQL injection vulnerability (CVE-2026-42208) in the LiteLLM open-source LLM gateway to access sensitive information. The flaw allows attackers to bypass authentication and manipulate database queries, risking data exposure.