<Vulnerability name="CVE-2026-42208">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Critical</ThreatSeverity>
    <PublicDate>2026-04-28T00:00:00</PublicDate>
    <Bugzilla id="2463965" url="https://bugzilla.redhat.com/show_bug.cgi?id=2463965" xml:lang="en:us">
LiteLLM: Unauthorized data access and modification via SQL injection
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>9.8</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-89</CWE>
    <Details xml:lang="en:us" source="Mitre">
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route (for example POST /chat/completions) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy and the credentials it manages. This issue has been patched in version 1.83.7.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model (LLM) API route, exploiting the proxy's error-handling path. Successful exploitation could enable the attacker to read and potentially modify data within the proxy's database, leading to unauthorized access to the proxy and its managed credentials.
    </Details>
    <Statement xml:lang="en:us">
This Critical SQL injection vulnerability in LiteLLM's proxy API key verification allows unauthenticated attackers to read and modify database data, leading to unauthorized access and credential compromise. However, Red Hat products are not affected as the vulnerable versions are not in use.
    </Statement>
    <PackageState cpe="cpe:/a:redhat:lightspeed_core">
        <ProductName>Lightspeed Core</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>lightspeed-core/lightspeed-stack-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>ansible-automation-platform-26/lightspeed-chatbot-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift_ai">
        <ProductName>Red Hat OpenShift AI (RHOAI)</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhoai/odh-llama-stack-core-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift_ai">
        <ProductName>Red Hat OpenShift AI (RHOAI)</ProductName>
        <FixState>Not affected</FixState>
        <PackageName>rhoai/odh-mlflow-rhel9</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-42208
https://nvd.nist.gov/vuln/detail/CVE-2026-42208
https://github.com/BerriAI/litellm/security/advisories/GHSA-r75f-5x8p-qvmc
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
    </References>
</Vulnerability>