
Critical Unauthenticated SQL Injection Vulnerability in LiteLLM Exploited Hours After Disclosure
A critical unauthenticated SQL injection vulnerability in LiteLLM was exploited in real-world attacks within hours of its public disclosure. The flaw exposes the contents of the proxy's database, including credentials for LLM providers and operational secrets. The issue has been patched in LiteLLM version 1.83.7. The report did not mention a specific CVE identifier or an exact disclosure date. The vulnerability affects LiteLLM deployments and puts sensitive provider keys and internal data at risk.