CVE-2026-42208
Awaiting Analysis Awaiting Analysis - Queue
SQL Injection in LiteLLM Proxy Server

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: GitHub, Inc.

Description
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-42208
EUVD
EUVD-2026-28503
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
litellm litellm From 1.81.16 (inc) to 1.83.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-42208 is a critical SQL injection vulnerability in the LiteLLM proxy server's API key verification system. In versions 1.81.16 through 1.83.6, the system improperly incorporated user-supplied API key values directly into database queries as raw text instead of using parameterized queries. This flaw allowed unauthenticated attackers to send specially crafted Authorization headers to any LLM API route, exploiting the proxy's error-handling path to manipulate SQL queries.

Successful exploitation could enable attackers to read or modify data in the proxy's database, potentially gaining unauthorized access to the proxy and the credentials it manages. The issue was fixed in version 1.83.7 by properly parameterizing all user inputs in database queries.

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive data stored in the proxy's database. An attacker could read confidential information or modify database contents, which may lead to compromised credentials and unauthorized control over the proxy server.

The vulnerability affects confidentiality, integrity, and availability of the system, making it possible for attackers to disrupt services or steal sensitive information.

Detection Guidance

This vulnerability involves an SQL injection through the proxy API key verification system triggered by specially crafted Authorization headers. Detection would involve monitoring for unusual or malformed Authorization headers sent to any LLM API route, such as POST /chat/completions.

Since the vulnerability exploits the error-handling path, checking error logs for suspicious SQL errors or unexpected database query failures related to API key validation could help identify attempts.

A practical detection approach could include capturing and analyzing HTTP requests to the proxy server for Authorization headers containing suspicious or unexpected characters that might indicate SQL injection attempts.

Specific commands are not provided in the available resources.

Mitigation Strategies

The vulnerability has been patched in LiteLLM version 1.83.7. The immediate recommended step is to upgrade the LiteLLM proxy server to version 1.83.7 or later.

As a temporary workaround before upgrading, users can set the configuration option `disable_error_logs: true` under `general_settings` to remove the vulnerable error-handling path that can be exploited.

Compliance Impact

The vulnerability allows unauthenticated attackers to read and potentially modify sensitive data stored in the proxy's database, including credentials it manages. This unauthorized access and data manipulation could lead to violations of data protection requirements under common standards and regulations such as GDPR and HIPAA, which mandate strict controls over the confidentiality, integrity, and availability of sensitive information.

Because the vulnerability impacts confidentiality, integrity, and availability of data with a critical severity (CVSS 9.3), affected organizations may face compliance risks if the vulnerability is exploited and sensitive data is exposed or altered.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42208. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart