Description
A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model (LLM) API route, exploiting the proxy's error-handling path. Successful exploitation could enable the attacker to read and potentially modify data within the proxy's database, leading to unauthorized access to the proxy and its managed credentials.
Published: n/a
Score: 9.8 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when a database query that validates proxy API keys incorporates caller‑supplied key values directly into the statement. An attacker can send a specially crafted Authorization header to any LLM API route handled by the proxy, triggering the vulnerable query and inserting arbitrary SQL code. Successful exploitation allows the attacker to read records from the proxy’s database and potentially modify or delete data, effectively granting unauthorized control over the proxy and its stored credentials.
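As an added illustration (not LiteLLM's own code; the table, column and key names are constructed and sqlite3 stands in for the proxy database), the pattern behind the flaw and its fix: a key lookup that splices the header value into the SQL text beside the same lookup with a bound parameter, plus a regression check that a value carrying SQL metacharacters is only ever compared as data.

```python
# Added example, not LiteLLM's code. Table/column/key names are constructed;
# sqlite3 in memory stands in for the proxy database.
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE verification_token (token TEXT, user_id TEXT)")
    conn.executemany(
        "INSERT INTO verification_token VALUES (?, ?)",
        [("sk-alice-key", "alice"), ("sk-bob-key", "bob")],
    )
    conn.commit()
    return conn


def lookup_key_unsafe(conn, api_key):
    # CWE-89: the caller-controlled header value becomes part of the SQL text,
    # so quotes and keywords inside it rewrite the statement itself.
    sql = f"SELECT user_id FROM verification_token WHERE token = '{api_key}'"
    return [row[0] for row in conn.execute(sql).fetchall()]


def lookup_key_safe(conn, api_key):
    # Parameterized: the driver passes the value separately from the SQL text,
    # so the header value can only be compared as a literal string.
    rows = conn.execute(
        "SELECT user_id FROM verification_token WHERE token = ?", (api_key,)
    ).fetchall()
    return [row[0] for row in rows]


def bearer_token(authorization_header):
    # Extract the key from "Bearer <key>"; any other scheme yields None.
    scheme, _, value = authorization_header.partition(" ")
    return value.strip() if scheme.lower() == "bearer" and value.strip() else None


if __name__ == "__main__":
    db = make_db()
    # Constructed regression input: a key value whose quote closes the literal.
    crafted = bearer_token("Bearer x' OR '1'='1")
    print(lookup_key_unsafe(db, crafted))  # ['alice', 'bob']: WHERE became a tautology
    print(lookup_key_safe(db, crafted))    # []: no stored token equals the value
```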

Affected Systems

This flaw affects systems that use the LiteLLM library, an open‑source LLM proxy maintained by BerriAI. Any deployment that has not yet applied the official fix for the malformed query is vulnerable, especially those exposing the proxy API to untrusted networks.

Risk and Exploitability

With a CVSS score of 9.8, the issue is rated critical. The attack requires no authentication and relies only on a standard HTTP header, making exploitation straightforward for a skilled adversary. The EPSS score is not available, and the vulnerability is not yet listed in the CISA KEV catalog. An attacker who can reach the proxy endpoint can craft the malicious payload and gain full read/write access to the database without prior credentials.

Generated by OpenCVE AI on April 30, 2026 at 13:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LiteLLM to the latest version that removes the vulnerable query and uses parameterized statements.
  • If an immediate upgrade is not possible, restrict the proxy to trusted IP ranges using a firewall or reverse proxy, and consider requiring TLS client authentication.
  • Bind the database service to localhost or a private network so that the database is not exposed to the public internet.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 05:00:00 +0000

Type: First Time appeared
Values Added: Berriai; Berriai litellm

Type: Vendors & Products
Values Added: Berriai; Berriai litellm

Thu, 30 Apr 2026 00:15:00 +0000

Type: Description
Values Added: A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model (LLM) API route, exploiting the proxy's error-handling path. Successful exploitation could enable the attacker to read and potentially modify data within the proxy's database, leading to unauthorized access to the proxy and its managed credentials.

Type: Title
Values Added: LiteLLM: LiteLLM: Unauthorized data access and modification via SQL injection

Type: Weaknesses
Values Added: CWE-89

Type: References
Values Added: (none)

Type: Metrics
  threat_severity: None
  cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  threat_severity: Critical


MITRE

No data.

Vulnrichment

No data.

NVD

No data.

Redhat

Severity : Critical

Public Date: 2026-04-28T00:00:00Z

Links: CVE-2026-42208 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-30T13:45:23Z

Weaknesses