LiteLLM
Coverage of LiteLLM in the Nexus archive.
- LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
A critical SQL injection vulnerability (CVE-2026-42208) in BerriAI's LiteLLM Python package was exploited in the wild within 36 hours of disclosure. The flaw, with a CVSS score of 9.3, allows attackers to modify underlying data through SQL injection attacks.
- Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are exploiting a critical pre-authentication SQL injection vulnerability (CVE-2026-42208) in the LiteLLM open-source LLM gateway to access sensitive information. The flaw allows attackers to bypass authentication and manipulate database queries, risking data exposure.
- Don't pay Vect a ransom - your data's likely already wiped out
The ransomware Vect, associated with recent Trivy and LiteLLM supply-chain attacks, is actually a wiper that destroys files larger than 128KB. Check Point Research warns that paying the ransom is ineffective, as data recovery is impossible for victims.
- Another npm supply chain worm is tearing through dev environments
Another npm supply chain attack is spreading through compromised packages, stealing secrets and sensitive data from developers' environments. The attack shares similarities with previous infections linked to the TeamPCP group and references a 'TeamPCP/LiteLLM method' in its payload.
- Show HN: GoModel – an open-source AI gateway in Go; 44x lighter than LiteLLM
GoModel is an open-source AI gateway developed by solo founder Jakub in Warsaw, designed to be 44x lighter than LiteLLM. It addresses AI cost tracking, model switching, debugging, and caching, with a focus on security and configurability via environment variables.