“CVE-2026-42208: Pre-authentication SQL injection in LiteLLM proxy TL;DR Bishop Fox researchers reproduced and confirmed CVE-2026-42208, a critical pre-authentication SQL injection in BerriAI's LiteLLM proxy affecting versions 1.81.16 through 1.83.6. An attack…”
T1190 Exploit Public-Facing Application
59%
“internal helper function reached through an exception path nobody thought of as a privileged context. The auth dispatcher's assert was clearly written as a defensive guard against this exact class of bug, but the guard's failure mode was an exception caught by a generic handl…”
T1190 Exploit Public-Facing Application
57%
“SQL had been in proxy/utils.py since at least v1.81.15. What changed in 1.81.16 was the addition of an unauthenticated path to reach it, and that path remained open until the fix was implemented in 1.83.7. The advisory (GHSA-r75f-5x8p-qvmc) credits Tencent Yundin…”
Summary
Bishop Fox researchers confirmed a critical pre-authentication SQL injection in LiteLLM proxy affecting versions 1.81.16 through 1.83.6. Attackers can exploit it without credentials, and it blends into normal logs. In-the-wild exploitation was observed within 36 hours of the advisory going public.