CVE-2026-42208
SQL Injection in LiteLLM Proxy Server
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| litellm | litellm | From 1.81.16 (inc) to 1.83.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-42208 is a critical SQL injection vulnerability in the LiteLLM proxy server's API key verification system. In versions 1.81.16 through 1.83.6, the system improperly incorporated user-supplied API key values directly into database queries as raw text instead of using parameterized queries. This flaw allowed unauthenticated attackers to send specially crafted Authorization headers to any LLM API route, exploiting the proxy's error-handling path to manipulate SQL queries.
Successful exploitation could enable attackers to read or modify data in the proxy's database, potentially gaining unauthorized access to the proxy and the credentials it manages. The issue was fixed in version 1.83.7 by properly parameterizing all user inputs in database queries.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized access to sensitive data stored in the proxy's database. An attacker could read confidential information or modify database contents, which may lead to compromised credentials and unauthorized control over the proxy server.
The vulnerability affects confidentiality, integrity, and availability of the system, making it possible for attackers to disrupt services or steal sensitive information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an SQL injection through the proxy API key verification system triggered by specially crafted Authorization headers. Detection would involve monitoring for unusual or malformed Authorization headers sent to any LLM API route, such as POST /chat/completions.
Since the vulnerability exploits the error-handling path, checking error logs for suspicious SQL errors or unexpected database query failures related to API key validation could help identify attempts.
A practical detection approach could include capturing and analyzing HTTP requests to the proxy server for Authorization headers containing suspicious or unexpected characters that might indicate SQL injection attempts.
Specific commands are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been patched in LiteLLM version 1.83.7. The immediate recommended step is to upgrade the LiteLLM proxy server to version 1.83.7 or later.
As a temporary workaround before upgrading, users can set the configuration option `disable_error_logs: true` under `general_settings` to remove the vulnerable error-handling path that can be exploited.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthenticated attackers to read and potentially modify sensitive data stored in the proxy's database, including credentials it manages. This unauthorized access and data manipulation could lead to violations of data protection requirements under common standards and regulations such as GDPR and HIPAA, which mandate strict controls over the confidentiality, integrity, and availability of sensitive information.
Because the vulnerability impacts confidentiality, integrity, and availability of data with a critical severity (CVSS 9.3), affected organizations may face compliance risks if the vulnerability is exploited and sensitive data is exposed or altered.