U.S. CISA Adds BerriAI LiteLLM Vulnerability to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability in BerriAI LiteLLM, tracked as CVE-2026-42208 with a CVSS score of 9.3, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw was included following reports of rapid exploitation by attackers by the end of April. No specific attack vectors, impacted versions, or affected systems were detailed beyond the vulnerability’s critical severity. The addition to the KEV catalog indicates active exploitation in the wild, though no further technical or operational impacts were described. The action was reported by Security Affairs without additional context on mitigation or affected entities.