Exposures › CVE-2026-42271
BerriAI LiteLLM allows authenticated users to execute arbitrary host commands via command injection.
This vulnerability enables low-privilege internal users to run arbitrary commands on the host, posing a severe risk to DIB organizations relying on BerriAI LiteLLM for secure AI workloads. The ability to execute arbitrary commands via command injection directly violates NIST 800-171 and CMMC requirements for system integrity and access control, potentially leading to data exfiltration or lateral movement. DIB vendors must immediately patch this vulnerability and audit all BerriAI LiteLLM deployments to prevent unauthorized command execution.
Shame score — A command injection vulnerability allowing arbitrary command execution via low-privilege authentication is a critical security failure that undermines system integrity and access control requirements.
BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host.
No correlated FedRAMP products.