Exposures › CVE-2026-42208
BerriAI LiteLLM contains a SQL injection vulnerability enabling unauthorized database access and credential theft.
The SQL injection flaw in BerriAI LiteLLM allows attackers to read and modify data in the proxy's database, including credentials, creating a direct supply-chain risk for DIB organizations relying on the service. This vulnerability is actively exploited and poses a significant threat to data integrity and confidentiality, requiring immediate patching and vendor accountability.
Shame score — Active exploitation of a SQL injection vulnerability in a widely used AI proxy service indicates a critical security oversight that could lead to credential theft and data breaches.
BerriAI LiteLLM contains a SQL injection vulnerability that allows an attacker to read data from the proxy's database and potentially modify it, leading to unauthorized access to the proxy and the credentials it manages.
No correlated FedRAMP products.