Description

A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model (LLM) API route, exploiting the proxy's error-handling path. Successful exploitation could enable the attacker to read and potentially modify data within the proxy's database, leading to unauthorized access to the proxy and its managed credentials.

AFFECTED PRODUCTS

The following products are affected by the CVE-2026-42208 vulnerability.

Vendor: Berriai
Product: Litellm