CVE-2026-42208 Scanner - SQL Injection vulnerability in LiteLLM
Short Info
Level
Single Scan
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 25 days 1 hour
Scan only one: Domain, Subdomain, IPv4
LiteLLM is utilized by developers and companies to manage API key checks and handle database queries efficiently. It is commonly used in environments where AI models are integrated into chat applications, providing streamlined access to model outputs. The software is known for its ease of use and integration capabilities, catering to a wide range of applications in customer service and content generation. Its flexibility and robustness make it a preferred choice for enterprises needing a reliable translation of complex inputs. As a product, LiteLLM's design focuses on handling multiple requests simultaneously, maintaining performance across different platforms. Organizations benefit from its modular API structure, which allows for easy customization and scaling according to business needs.
A SQL injection vulnerability affects LiteLLM versions 1.81.16 up to, but not including, 1.83.7, in the API key verification process. It allows unauthenticated attackers to exploit improperly handled database keys in the proxy API during key checks. By manipulating these keys, attackers can read and modify critical database data, leading to unauthorized data access. The vulnerability is critical because of the extent of data that could be compromised. It shows the risk of passing improperly sanitized input into database queries and the importance of securing those queries against unauthorized manipulation.
The vulnerability is exploited through the Authorization header field, which is used in database query statements. Attackers can craft malicious payloads that affect SQL query execution, using 'OR' statements that interfere with the normal logic flow. This allows them to execute additional queries such as 'SELECT', or to use time-based SQL injection to infer database structures. The use of 'pg_sleep()' demonstrates potential exploitation aimed at bypassing initial authentication layers. By delaying responses and extracting data over subsequent requests, attackers gain actionable insight into the database schema.
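The root cause described above, shown as an added example (not LiteLLM's code and not part of the original page): a key check that builds its query by string concatenation next to the parameterized form. The table, key value and function names are hypothetical, and SQLite stands in for PostgreSQL so the block runs offline.

```python
import sqlite3

# Constructed sample header: a value that is not a valid key but changes the
# WHERE clause when it is pasted into the SQL text.
CRAFTED = "Bearer x' OR '1'='1"


def make_db():
    """In-memory stand-in for the proxy's key table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE api_keys (token TEXT PRIMARY KEY, owner TEXT)")
    conn.execute("INSERT INTO api_keys VALUES ('sk-constructed-1234', 'alice')")
    return conn


def bearer_token(authorization):
    """Return the credential part of an Authorization header value."""
    scheme, _, value = authorization.partition(" ")
    return value if scheme.lower() == "bearer" else authorization


def lookup_concatenated(conn, authorization):
    """Flawed pattern: the header value becomes part of the SQL statement."""
    token = bearer_token(authorization)
    sql = f"SELECT owner FROM api_keys WHERE token = '{token}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_parameterized(conn, authorization):
    """Hardened pattern: the value is bound as data and never parsed as SQL."""
    token = bearer_token(authorization)
    row = conn.execute(
        "SELECT owner FROM api_keys WHERE token = ?", (token,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    for header in ("Bearer sk-constructed-1234", CRAFTED):
        print(repr(header),
              "concatenated:", lookup_concatenated(db, header),
              "parameterized:", lookup_parameterized(db, header))
```

With the crafted header, the concatenated lookup returns a key owner even though no such key exists, while the parameterized lookup rejects it.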
Exploitation of this vulnerability could compromise sensitive user information and credentials stored in affected databases. It allows attackers to achieve arbitrary command execution and unauthorized access to backend systems. Companies using vulnerable versions of LiteLLM might face severe data breaches that affect customer privacy and cause financial losses. The potential for data modification further exacerbates the risk and creates long-term security exposure. End users could experience denial of service if critical databases are hijacked and exploited. Overall, improper database query handling can expose businesses to statutory compliance issues and damage to brand reputation.