Vigyata.AI

LiteLLM Hit Again — SQL Injection Exposes Your AI Keys #cybersecurity #litellm #sqlinjection

8.8K views· 108 likes· 2:34· Apr 29, 2026

LiteLLM, the open-source AI gateway, has a pre-auth SQL injection being actively exploited — and it's the project's second security incident in a month.

CVE-2026-42208 affects LiteLLM versions 1.81.16 through 1.83.6. The vulnerability is in the authentication check — the API key value gets plugged directly into a database query without parameterization. According to Sysdig's threat research team, the first exploitation attempt landed 36 hours after the advisory was indexed on April 24. The attacker fired 29 targeted SQL injection payloads at the three tables storing virtual API keys, provider credentials, and proxy configuration. In March, attackers compromised the Trivy security scanner in LiteLLM's CI/CD pipeline and pushed backdoored versions to PyPI. Update to v1.83.7 and rotate all stored credentials if you were running an affected version.

Sources:
https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-a-critical-litellm-pre-auth-sqli-flaw/
https://www.sysdig.com/blog/cve-2026-42208-targeted-sql-injection-against-litellms-authentication-path-discovered-36-hours-following-vulnerability-disclosure

More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday.
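The bug class described above, as an added illustration that is not LiteLLM's code and does not reproduce its schema: an in-memory SQLite table stands in for a gateway's virtual-key store, one lookup interpolates the presented key into the SQL text (the unparameterized pattern the advisory describes), the other binds it as a parameter. The table name, column names, key format and the `is_affected` version-range helper are assumptions made for this example; the version bounds themselves come from the description above.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory key store; table and column names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE virtual_keys (token TEXT PRIMARY KEY, owner TEXT)")
    conn.execute("INSERT INTO virtual_keys VALUES ('sk-example-key-1', 'alice')")
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, api_key: str):
    # Anti-pattern: the caller-supplied key becomes part of the SQL text, so a
    # quote character in the input changes the meaning of the WHERE clause.
    sql = f"SELECT owner FROM virtual_keys WHERE token = '{api_key}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_safe(conn: sqlite3.Connection, api_key: str):
    # Fix: bind the key as a parameter. The driver passes it as data; it is
    # never parsed as SQL, whatever characters it contains.
    row = conn.execute(
        "SELECT owner FROM virtual_keys WHERE token = ?", (api_key,)
    ).fetchone()
    return row[0] if row else None


# Assumed key format, used as a defense-in-depth gate in front of the query.
KEY_PATTERN = re.compile(r"^sk-[A-Za-z0-9_-]{8,128}$")


def authenticate(conn: sqlite3.Connection, api_key: str):
    # Reject anything that is not shaped like a key before touching the
    # database, then resolve it with the parameterized lookup only.
    if not KEY_PATTERN.fullmatch(api_key):
        return None
    return lookup_safe(conn, api_key)


def is_affected(version: str) -> bool:
    # Inventory check for the range given in the advisory summary:
    # 1.81.16 through 1.83.6 inclusive; 1.83.7 is the fixed release.
    parts = tuple(int(p) for p in version.split("."))
    return (1, 81, 16) <= parts <= (1, 83, 6)


if __name__ == "__main__":
    db = make_db()
    # Constructed quote-bearing input: the unparameterized lookup resolves it
    # to a real owner, the parameterized one does not.
    probe = "' OR 1=1 --"
    print("vulnerable:", lookup_vulnerable(db, probe))
    print("safe:      ", lookup_safe(db, probe))
    print("auth good: ", authenticate(db, "sk-example-key-1"))
    print("auth probe:", authenticate(db, probe))
    print("1.83.6 affected:", is_affected("1.83.6"), "| 1.83.7 affected:", is_affected("1.83.7"))
```

Run it as a script to see the two lookups diverge on the same input. The format check in `authenticate` is not a substitute for parameterization; it just shrinks the input space reaching the database and gives a cheap place to log rejected auth attempts.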
