
Critical Vulnerability in LiteLLM Exploited Within 36 Hours of Disclosure
📌 A critical vulnerability in the LiteLLM Python package, tracked as CVE-2026-42208, was exploited by attackers within 36 hours of its public disclosure. The flaw is an SQL injection in the proxy API key verification process, allowing unauthorized access and modification of sensitive database data. No specific threat actors or affected organizations were named in the report. The vulnerability was disclosed and subsequently targeted rapidly, highlighting the speed of exploitation following public exposure. LiteLLM is an AI-related tool, though the exact scope of impacted systems remains unspecified.
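A generic illustration of this bug class, SQL injection in an API key lookup, beside its parameterized fix. This is an added example and not LiteLLM's code: the `api_keys` table, the function names and the sample values are all constructed for the demonstration.

```python
import sqlite3

# Constructed sample data: one key, stored in plain text only to keep the
# demo short (a real service would store a hash of the key instead).
SAMPLE_KEY = "sk-demo-1234"
# Constructed malformed credential containing quote characters.
MALFORMED_KEY = "x' OR '1'='1"


def make_db():
    """Build an in-memory key table holding the constructed sample key."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE api_keys (token TEXT PRIMARY KEY, owner TEXT)")
    db.execute("INSERT INTO api_keys VALUES (?, ?)", (SAMPLE_KEY, "alice"))
    db.commit()
    return db


def verify_key_vulnerable(db, token):
    """Weak form: the caller-supplied token is spliced into the SQL text,
    so quote characters in it change the structure of the query."""
    query = f"SELECT owner FROM api_keys WHERE token = '{token}'"
    row = db.execute(query).fetchone()
    return row[0] if row else None


def verify_key_hardened(db, token):
    """Fixed form: the token is a bound parameter and is only ever compared
    as data, whatever characters it contains."""
    if not isinstance(token, str) or not token or len(token) > 256:
        return None
    row = db.execute(
        "SELECT owner FROM api_keys WHERE token = ?", (token,)
    ).fetchone()
    return row[0] if row else None


def compare(token):
    """Return (vulnerable_result, hardened_result) for one credential."""
    db = make_db()
    return verify_key_vulnerable(db, token), verify_key_hardened(db, token)


if __name__ == "__main__":
    print("valid key:    ", compare(SAMPLE_KEY))
    print("malformed key:", compare(MALFORMED_KEY))
```

The valid key authenticates in both versions; the malformed credential is accepted as `alice` only by the string-built query and is rejected by the parameterized one.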